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Online  retailers  are  feeling  the  pain  of  spam.  PAGE  10  Software  auditors  coming?  Don’t  panic.  Push  back!  H  42 
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TEST  PILOT 


Delta’s  new  low-fare  airline,  called 
Song,  has  an  impressive  array  of 
technologies  for  boosting  customer 
service.  Just  as  important,  it  serves 
as  a  testbed  for  new  IT  and  produc¬ 
tivity  concepts  that  the  parent  com¬ 
pany  can  use.  PAGE  37 


JOHW  JACOB! 

(above),  vice 
president  of  cus¬ 
tomer  systems  at 
Delta  Technolo¬ 
gy,  says  all  parts 
of  Delta  rallied  to 
support  start-up 
airline  Song. 


IT  Leads  Recovery  After 
Regional  Power  Failure 


Disaster  recovery  plans  put  to  the 
test;  users  report  resilient  systems 

BY  LUCAS  MEARIAN 

When  the  power  went  out  in  Manhattan  late 
Thursday  afternoon,  the  stock  markets  had  al¬ 
ready  closed.  But  the  crucial  trade-settlement 
system  that  uses  thousands  of  batch-processing 
computers  around  New  York  City  to  clear  bil¬ 
lions  of  dollars  in  trades  had  just  come  to  life. 

Diesel  generators  at  brokerage,  bank  and 
clearinghouse  data  centers  around  Manhattan 
and  New  Jersey  kicked  in,  and  IT 
departments  said  that  they  were 
far  better  prepared  for  what  most 
called  a  simple  power  outage  than 
they  were  on  Sept.  11, 2001. 

The  New  York  Stock  Exchange 
Users,  page  53 


CIOs,  experts  cite  urgent  need 
for  U.S.  infrastructure  upgrade 

BY  DAN  VERTON 

On  the  morning  after  last  week’s  blackout, 
power  company  CIOs  and  utilities  experts  said 
similar  or  more  catastrophic  failures  are  possi¬ 
ble  if  the  industry  and  government  fail  to  devel¬ 
op  more  modern  control  systems. 

“It’s  not  just  bigger  servers  or  better  data¬ 
bases  that  we  need,”  said  Ali  Jamshidi,  vice 
president  and  CIO  of  First  Energy  Corp.  in 
Akron,  Ohio.  “We  just  don’t  have 
the  analytical  tools  that  can  do 
analysis  on  a  real-time  basis  and 
that  are  predictive  vs.  reactive. 
Frankly,  the  tools  that  are  available 
are  just  not  robust  enough.” 

Systems,  page  53 


FULL  COVERAGE 

For  additional  stories 
about  the  power  outage, 
go  to  our  Web  site: 

0  QuickLink  a3550 
www.computerworld.com 


Patching  Becoming  a  Major 
Resource  Drain  for  Companies 


Need  to  stay  on  top  of 
threats  such  as  Blaster 
poses  burden  to  users 

BY  JAIKUMAR  VIJAYAN 

Last  week’s  W32.Blaster  worm, 
which  affected  thousands  of 
computers  worldwide  running 
Windows  operating  systems, 
highlighted  the  enormous 
challenge  companies  face  in 
keeping  their  systems  up  to 
date  with  patches  for  vulnera¬ 
bilities,  users  said. 

Companies  that,  ahead  of 
Blaster’s  rampage,  had  in¬ 
stalled  Microsoft  Corp.’s  patch 
for  a  flaw  identified  last  month 
said  they  felt  no  effect  from 
the  worm.  But  the  seemingly 
constant  work  involved  in 
guarding  against  such  worms 
is  becoming  a  burden  that 
could  prove  unsustainable 


over  time,  users  said. 

“The  thing  about  patching  is 
that  it  is  so  darn  reactive.  And 
that  can  kill  you,”  said  Dave 
Jahne,  a  senior  security  ana¬ 
lyst  at  Phoenix-based  Banner 
Health  System,  which  runs  22 
hospitals. 

“You  need  to  literally  drop 
Blaster,  page  15 


Users  Mull  On- 

BY  PATRICK  THIBODEAU 

ATLANTA 

Harold  Weiss,  a  senior  sys¬ 
tems  engineer  at  Baptist 
Memorial  Health  Care  Corp. 
in  Memphis,  is  convinced  that 
utility  computing  can  save  him 
money.  Storage  demand  for 
the  network  of  17  hospitals  is 
increasing  continuously  and 
prompting  capacity  purchases 


INSIDE 


A  security  expert  says  Microsoft’s 
Windows  Update  process  has 
serious  problems,  and  he’s  not 
alone.  PAGE  15 

Maryfran  Johnson  on  ‘Untrust¬ 
worthy  Computing.'  PAGE  20  -  ■  -f 


ONLINE. 


Federal  agencies  say  they  were 
unscathed  by  Blaster. 

^  Qiiick.link  40636 
^  www.cpmputerwofld.eom 


Demand  Model 

well  in  advance  of  need,  he 
said. 

With  an  on-demand  model, 
“I  could  have  everything  in 
place,  and  when  I  need  it,  [the 
vendor]  would  turn  it  on,”  said 
Weiss.  He  said  he  believes  this 
pay-as-you-go  computing 
model  could  cut  his  storage 
costs  by  about  20%. 

On-Demand,  page  6 


INLY  ONE  REPORTING 
YORKS  ACROSS  DEPART 
iCROSS  DIVISIONS.  ACRO 

NTRODUCING  COGNOS 


It’s  not  an  evolution.  It’s  a  revolution. 

Introducing  Cognos  ReportNet,the  new  enterprise  reporting  standard. 
Now,  you  can  deliver  consistent  information  across  your  business. 
Replace  stand-alone  reporting  tools  with  the  only  solution  that  handles 
everything  from  customized  queries  to  production  reports. 

Build  reports  once.  Deploy  in  any  language.  Automatically. 

Make  your  IT  team  and  users  more  productive. 

All  on  a  zero-footprint,  open  architecture  built  specifically  for  the  Web. 

See  how  you  can  drive  performance. 

Read  about  Breakthrough  Reporting  at: 


SOLUTION 

MENTS. 

SS  THE  PLANET. 
REPORTNET. 


COGNOS  REPORTNET 
WORLDWIDE  LAUNCH 

9  Sep  New  York,  NY 

9  Sep  London,  England 

9  Sep  Paris,  France 

9  Sep  San  Jose,  CA 

9  Sep  Chicago,  IL 

9  Sep  Frankfurt,  Germany 

9  Sep  Amsterdam,  Netherlands 
Join  us  online  at 

www.cognos.com/reportnet/events. 

BREAKTHROUGH  REPORTING 
GLOBAL  SERIES 

Americas 


3  Sep 

Los  Angeles,  CA 

4  Sep 

Dallas,  TX 

16  Sep 

Toronto,  ON 

18  Sep 

Iselin,  NJ 

23  Sep 

Calgary,  AB 

23  Sep 

Minneapolis,  MN 

24  Sep 

Milwaukee,  WI 

24  Sep 

Seattle,  WA 

25  Sep 

Portland,  OR 

25  Sep 

St.  Louis,  MO 

26  Sep 

Kansas  City,  KS 

1  Oct 

Boston,  MA 

2  Oct 

Washington,  DC 

2  Oct 

Phoenix,  AZ 

7  Oct 

Nashville,  TN 

7  Oct 

Sao  Paulo,  Brazil 

8  Oct 

Philadelphia,  PA 

8  Oct 

Ft.  Lauderdale,  FL 

9  Oct 

Pittsburgh,  PA 

15  Oct 

Atlanta,  GA 

17  Oct 

Houston,  TX 

21  Oct 

Hartford,  CT 

21  Oct 

Raleigh,  NC 

21  Oct 

Cincinnati,  OH 

22  Oct 

Cleveland,  OH 

22  Oct 

Richmond,  VA 

22  Oct 

Mexico  City,  Mexico 

23  Oct 

Rochester,  NY 

23  Oct 

Detroit,  MI 

23  Oct 

Montreal,  QC 

24  Oct 

Indianapolis,  IN 

28  Oct 

Denver,  CO 

4  Nov 

Edmonton,  AB 

20  Nov 

Ottawa,  ON 

Europe 

10  Sep 

Vienna,  Austria 

1  Oct 

Lausanne,  Switzerland 

7  Oct 

Frankfurt,  Germany 

8  Oct 

Amsterdam,  Netherlands 

9  Oct 

Paris,  France 

10  Oct 

Helsinki,  Finland 

13  Oct 

Birmingham,  England 

14  Oct 

Brussels,  Belgium 

15  Oct 

Stockholm,  Sweden 

16  Oct 

Zurich,  Switzerland 

Asia  Pacific 

21  Oct 

Perth,  Australia 

22  Oct 

Brisbane,  Australia 

23  Oct 

Canberra,  Australia 

28  Oct 

Adelaide,  Australia 

28  Oct 

Tokyo,  Japan 

29  Oct 

Melbourne,  Australia 

30  Oct 

Sydney,  Australia 

4  Nov 

Osaka,  Japan 

Register  today  at 

www.cognos.com/reportnet/events. 


COMPROMISE 


SUN  FIRE"  V60X  SERVER: 

>  INTEL  XEON  2.8  GHZ  PROCESSOR 

>  RUNS  SOLARIS"  9  OS  FOR  X86  OR  RED  HAT®  ENTERPRISE  LINUX’ 


$2,450. 


ES 


SUN  FIRE  V210  SERVER: 

>  RACK-OPTIMIZED,  ULTRASPARC  /SOLARIS  OS 

>  INTEGRATED  WITH  AWARD-WINNING  SUN"  ONE  MIDDLEWARE 


$2,995. 
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SUN  STOREDGE"  3310  SCSI  ARRAY: 

>  HIGH-DENSITY,  MODULAR  STORAGE 

>  HIGH  AVAILABILITY  CONFIGURATIONS 

$6,995. 

SUN  FIRE  BlOO  BLADE  SERVER: 

>  ULTRASPARC  OR  X86  PROCESSOR 

>  RUNS  SOLARIS  8,  9,  OR  RED  HAT  ENTERPRISE  LINUX  ES* 

$1,795. 


LOW  COST  MOVE  IS  ON 


IIHH 


RFID  Tunes  Into  Supply  Chains 

In  the  Technology  section:  Retailers  are  experimenting 
with  RFID  tags  as  an  alternative  to  bar  codes,  but  the 
technology’s  tags,  readers  and  software  still  need  plen¬ 
ty  of  work.  Page  23 


CRM:  Ready  or  Not? 

In  the  Management  section:  Read  this  excerpt 
from  The  CRM  Project  Management  Handbook  to 
help  you  decide  if  your  company  is  ready  to  take 
on  a  CRM  project.  Page  40 
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6  AMD’s  Opteron  processor 
faces  an  uphill  battle  against 
Intel’s  Itanium,  despite  IBM’s 
adoption. 

7  Carnival  Cruise  Lines  plans 
to  deploy  a  system  to  remote¬ 
ly  manage  4,000  PCs  on  land 
and  aboard  its  ships. 

8  Content  management  appli¬ 
cation  frees  up  IT  staff  at  Dol¬ 
lar  Rent  A  Car  for  develop¬ 
ment  work. 

10  Electronic  retailers  say  their 
legitimate  e-mail  is  getting 
lost  in  the  flood  of  spam. 

10  Navy  contract  is  intended  to 
securely  integrate  thousands 
of  old  applications  into  the 
Navy/Marine  Corps  Intranet. 

12  Storage  vendors  combine 
disk  arrays  with  tape  libraries 
to  increase  backup  reliability. 

12  HP  and  Hitachi  say  they’ll 
jointly  offer  disaster  recovery 
and  business  continuity  sys¬ 
tems  and  services. 

14  Boscov’s  Department  Store 

uses  a  new  product  to  boost 
the  efficiency  of  Linux  virtual 
server  deployment. 

15  Windows  Update  patch  man¬ 
agement  program  is  faulty, 
claims  one  expert. 

16  Mohegan  Sun  casino  bets  on 
funds  transfer  and  blackjack 
surveillance  technology. 

16  The  former  Soviet  Union’s 

pool  of  skilled  workers  draws 
R&D  interest  from  the  U.S. 


28  Corralling  Security  Data.  As 

security  devices  proliferate, 
administrators  face  the  chal¬ 
lenge  of  collecting  and  corre¬ 
lating  the  resulting  data. 
Here’s  how  they’re  coping. 

30  Future  Watch:  New  Spin  for 
Electronics.  Call  it  the  ulti¬ 
mate  in  spin  control:  IBM’s 
spintronics  technology  is  al¬ 
ready  increasing  hard-disk 
storage  capacities,  but  its  ap¬ 
plication  in  semiconductors 
may  eventually  create  a  world 
where  storage  and  memory 
are  one  and  the  same. 

32  Security  Manager’s  Journal: 
Faulty  Rules  Foul  Router 
Protection.  Human  error  is  to 
blame  when  a  faulty  router 
rule  base  leaves  Vince’s  cor¬ 
porate  LAN  open  to  denial- 
of-service  attacks. 

MANAGEMENT 

37  Delta’s  IT  Test  Pilot.  Delta’s 
new  low-fare  airline,  called 
Song,  is  using  technology  to 
cut  costs  and  boost  revenue 
and  operational  efficiency. 

42  Don’t  Panic,  Push  Back.  The 

best  thing  to  do  in  the  face  of 
a  looming  software  audit  is  to 
push  back  and  negotiate  with 
the  vendor  on  your  terms. 

The  worst  thing  to  do  is  give 
in  to  demands  without  a  fight. 

44  Q&A:  Newsmaker.  Business 
Technology  Partners’  Joshua 
Aaron  offers  tips  from  his  ex¬ 
perience  working  in  the  niche 
market  of  corporate  facilities 
design  and  relocation. 


8  On  the  Mark:  Mark  Hall 

discovers  that  India’s  role  as 
the  leading  locale  for  out¬ 
sourcing  may  be  in  jeopardy. 
The  next  hot  destination?  The 
Middle  East. 

20  Maryfran  Johnson  wonders 
why  IT  management  contin¬ 
ues  to  suffer  the  relentless 
security  problems  of  Micro¬ 
soft  Windows. 

20  Pimm  Fox  shares  three  sound 
suggestions  for  designing  and 
building  applications  that  can 
be  integrated  with  others. 

21  Michael  Gartenberg  debunks 
old  ways  of  thinking  about 
Ap’ple’s  Macintosh  systems 
and  suggests  they  work  well 
in  most  IT  environments. 

34  Dan  Mezick  says  program¬ 
ming  jobs  may  be  going  over¬ 
seas,  but  the  role  of  collabora¬ 
tive  development  manager  is 
likely  to  remain  stateside. 

44  Alan  MacCormack  says  “free” 
software  isn’t  always  free,  and 
simple  TCO  analysis  doesn’t 
reveal  the  underlying  costs. 

54  Frankly  Speaking:  Frank 

Hayes  is  glad  that  UCITA  is 
finally,  truly,  completely  dead. 
But  he  says  we  still  need  a 
good  UCITA  law  to  replace  it. 
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How  to  Plan  Your  Backup  Strategy 

STORAGE:  Backups  are  probably  the  most  es¬ 
sential  component  of  any  corporate  network, 
and  they  are  often  done  wrong.  But  it’s  not 
difficult  to  get  your  backup  strategy  right. 

0  QuickLink  40585 

HIPAAvs.  McDonald’s: 

Food  for  Thought 

SECURITY:  Health  care  companies  that  want 
to  avoid  trouble  over  HIPAA  compliance  can 
learn  from  the  infamous  McDonald’s  hot- 
coffee  lawsuit,  says  TruSecure  Corp.  attor¬ 
ney  Marne  E.  Gordan.  0  QuickLink  40078 

Real-Time  Feedback 

DEVELOPMENT:  Advice  for  managers  on  how 
to  provide  clear,  specific  and  timely  feedback 
to  help  people  do  their  best. 

0  QuickLink  40526 

StoreAge  Relies  on 
Out-of-Band  Virtualization 

STORAGE:  Faced  with  an  expanding  list  of 
competitors,  StoreAge  is  counting  on  the 
technical  prowess  of  its  Storage  Virtualiza¬ 
tion  Manager,  writes  analyst  Barb  Goldworm 
in  this  vendor  profile  for  SNW  Online. 

0  QuickLink  40570 


Hands  on:  A  Close-up  Look  at 
MacOSX’s  NetBoot 

OPERATING  SYSTEMS:  IT  professional  Ryan 
Faas  takes  a  look  at  how  NetBoot  can  be  used 
to  start  up  client  machines  from  a  network 
disk  image.  0  QuickLink  40606 


What’s  a  QuickLink? 

On  some  pages  in 
this  issue,  you'll  see 
a  QuickLink  code  pointing 
to  additional,  related  con¬ 
tent  on  our  Web  site.  Just 
enter  that  code  into  our 
QuickLink  box,  which 
you’ll  see  at  the  top  of 
each  page  on  our  site 
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Knowlecge  Centers 
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Tne  Online  Store 
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BMC  Expands 
Linux  Support 

BMC  Software  Inc.,  which  previ¬ 
ously  supported  consumer-grade 
Linux  distributions,  last  week 
announced  that  it  now  supports 
Red  Hat  Inc.’s  Enterprise  Linux 

2.1  and  SuSE  Linux  AG’s  Linux 
Enterprise  Server  8  in  several  of 
its  products,  including  Deploy¬ 
ment  Manager  for  Linux  Version 

1.2  and  its  SmartDBA  database 
management  tools. 


CSC  Earnings, 
Revenue  Up  in  Q1 

Computer  Sciences  Corp.’s  (CSC) 
earnings  and  revenue  grew  in  its 
first  quarter,  which  ended  July  4, 
thanks  largely  to  strong  sales  to 
the  U.S.  federal  government. 


S3.55B 


Q12003 


S2.75B 


Q12002 


Microsoft  Ordered 
To  Pay  $520M 

A  jury  in  Chicago  last  week 
ordered  Microsoft  Corp.  to  pay 
$520.6  million  in  damages  to 
Chicago-based  Eolas  Technol¬ 
ogies  Inc.  and  the  University 
of  California  after  finding  that 
Microsoft’s  Web  browser  in¬ 
fringed  on  a  patent.  Eolas  and  the 
university  accused  Microsoft  of 
improperly  including  technology 
in  Internet  Explorer  that  allows  in¬ 
teractive  content  to  be  embedded 
in  a  Web  site.  Microsoft  said  it 
plans  to  appeal. 


Survey:  CIOs  Have 
Bigger  Workloads 


m 


of  CIOs  said  their 
I  workload  has  in¬ 
creased  significantly 
in  the  past  12  months 


of  CIOs  said  their 
workload  has  in¬ 
creased  somewhat 


BASE:  Poll  of  more  than  1,400  U.S.  CIOs 


MARK  HALL  ■  ON  THE  MARK 

IT  Salaries  Are  Soaring 
12%  to  15%  a'&ar  in . . . 

. . .  Bangalore,  India,  which  is  making  outsourcers  there  edgy  about  the 
country’s  longtime  position  as  the  low-cost  leader  for  skilled  workers. 
Parmeet  Chaddha,  senior  vice  president  in  charge  of  offshore  opera¬ 
tions  at  San  Carlos,  Calif.-based  application  service  provider  Corio 
Inc.,  worries  that  “the  cost  differential  is  shrinking”  and  that  the  Indi¬ 
an  labor  advantage  will  hold  up  for  only  another  two  to  three  years. 
Talking  on  his  cell  phone  from  a  train  rumbling  into  a  New  Delhi  de¬ 
pot,  he  said  companies  that  move  IT  operations  offshore  need  to  think 


more  strategically  about  the  reasons  for 
doing  so,  such  as  offering  “follow  the 
sun”  tech  support  to  users.  Corio  Execu¬ 
tive  Vice  President  John  Ottman  adds, 
“The  basic  game  of  moving  labor  hours  off¬ 
shore  is  simplistic  and  short  term.”  ■  Brian 
Keane,  CEO  of  Boston’s  venerable  appli¬ 
cation  outsourcer  Keane  Inc.,  thinks  In¬ 
dia’s  mix  of  low  labor  costs,  a  computer- 
savvy  workforce,  English-language  skills 
and  a  friendly  legal  envi¬ 
ronment  for  business 
will  continue  to  give  the 
nation  an  advantage  for 
the  foreseeable  future. 

That’s  why  he  does  busi¬ 
ness  there.  Still,  he  says, 

“we  are  not  making  a 
country  bet  on  India. 

We’re  already  thinking 
ahead.”  Well,  what’s 
ahead?  For  Keane,  South 
Africa  and  countries  in 
the  Middle  East  might  be 
the  next  place  for  out¬ 
sourcers  to  find  smart, 
low-cost  workers.  That 


would  suit  Rudain  Arafeh  just  fine. 
Arafeh,  CEO  of  Configure  Inc.,  a  San 
Jose-based  WAN  consultancy,  thinks  U.S. 
companies  should  be  taking  a  closer  look  at 
Egypt,  Jordan,  Lebanon  and  elsewhere  in 
the  region  for  outsourcing  work.  Coun¬ 
tries  there  have  set  up  low-tax  zones  for 
foreign  companies  and  have  a  surplus  of 
trained,  English-speaking  technologists. 
But  Arafeh  believes  that  it’s  not  only  a 
good  business  decision, 
it’s  smart  global  politics. 
“There  are  too  many 
mostly  well-educated 
young  men  with  nothing 
to  do  over  there.  The 
byproduct  of  giving 
them  jobs  is  to  help  the 
region,”  he  argues.  It’s 
doubtful  that  any  Ameri¬ 
can  CEO  will  take  up 
this  “U.S.  IT  unemploy¬ 
ment  for  peace”  cause. 
They’ll  do  it  just  to  save 
the  bucks.  But  you  never 
know.  ■  With  the  world 
competing  for  cushy 


U.S.  IT  jobs,  you’d  think  that  low-cost 
labor  was  your  biggest  concern.  It’s  not. 
Computers  are.  Task  automation  is  a  bigger 
threat  to  IT  jobs.  Corio’s  Ottman  says,  “We 
want  to  automate  labor  out  of  the  equa¬ 
tion  as  much  as  possible.”  A  competing 
ASP,  Surebridge  Inc.  in  Lexington,  Mass., 
has  an  internal  program  called  Project  55 
with  the  goal  of  running  applications  55% 
less  expensively  than  companies  could 
do  themselves.  While  offshore  labor  sav¬ 
ings  are  part  of  the  difference,  automa¬ 
tion  can  make  a  bigger  difference.  Ac¬ 
cording  to  CIO  Mark  dayman,  “We  need 
to  get  policies  and  procedures  in  place  to 
make  every  task  automated.”  It’s  not  too 
late  to  learn  how  to  make  lattes  and  cafe 
mochas.  ■  Or  maybe  you  should  just  go  to 
a  smaller  company.  Laurence  Bunin,  CEO 
of  Handshake  Dynamics  LLC,  a  New 
York-based  management  advisory  firm, 
says,  “The  big  trend  in  the  midmarket  is  a 
dramatic  shift  to  insourcing.”  He  says  a 
number  of  $100  million  to  $1  billion  com¬ 
panies  found  that  the  headaches  and 
costs  of  managing  outsourced  projects 
sucked  out  all  the  savings  from  cheap  Indian 
labor.  Corio’s  Chaddha  points  out  that  any 
deal  with  an  Indian  outsourcer  needs  to 
add  back  15%  to  25%  of  U.S.  labor  wage 
rates  just  to  manage  the  complexity  of 
the  agreement.  For  a  large  company  or  an 
ASP  that  can  spread  the  costs  over  many 
users,  the  management  overhead  isn’t  as 
big  a  burden.  But  for  midsize  companies, 
it’s  a  pain.  As  a  result,  says  Bunin,  his 
clients  are  bringing  their  applications 
back  in-house.  And  cost  isn’t  the  only 
reason.  For  midsize  companies,  informa¬ 
tion  management  can  be  one  of  the 
biggest  competitive  advantages,  as  their 
application  needs  are  highly  specialized. 
That  means  offshore  outsourcers  are  best 
used  for  commodity  operations.  Well, 
there’s  a  little  light  in  the  long,  dark  unem¬ 
ployment  tunnel,  t 


Business  Monitoring 


BMC  Software  Inc.  in  Houston 
releases  this  week  its  BMC  Ser¬ 
vice  Impact  Manager  (BSIM) 
and  BMC  Event  Manager  (BEM), 
which  monitor  how  IT  operations 
and  performance  directly  affect 
discrete  business  operations.  The 
software  models  a  company’s 
business  processes  and  alerts 
interested  users  and  IT  staff 
when  the  metrics  for  those  proc¬ 
esses  change.  BSIM  starts  at 
$80,000,  and  BEM  at  $50,000. 


Dollar  Rent  A  Car  Project 
Frees  Staff  for  Web  Work 


BY  TODD  R.  WEISS 

In  a  move  aimed  at  freeing  up 
its  IT  workers,  Dollar  Rent  A 
Car  Inc.  will  enable  its  mar¬ 
keting  department  to  make 
on-the-fly  changes  to  its  car 
rental  Web  site  with  new  con¬ 
tent  management  software 
from  Percussion  Software  Inc. 

Peter  Osbourne,  group 
manager  of  Internet  and  data 
warehousing  at  Tulsa,  Okla.- 
based  Dollar  Thrifty  Automo¬ 
tive  Group  Inc.,  the  parent 


company  of  Dollar,  said  this  is 
the  first  time  that  the  Web  site 
will  include  content  manage¬ 
ment  software  intended  to 
make  updates  easier. 

“It  really  allows  my  [IT] 
team  to  focus  on  pure  devel¬ 
opment  from  the  technical 
side,”  Osbourne  said,  referring 
to  the  deployment  of  Stone- 
ham,  Mass.-based  Percussion’s 
Rhythmyx  5  Enterprise  Con¬ 
tent  Management  software. 

Previously,  when  Web  site 


changes  were  needed,  an  IT 
staffer  got  the  job,  taking  him 
away  from  development  work. 
Now  marketing  staffers  will  be 
able  to  add  rental  promotions 
and  other  pertinent  informa¬ 
tion  for  vehicle  rental  custo¬ 
mers  to  keep  the  site  updated. 

Key  benefits  of  the  Rhyth¬ 
myx  5  application  are  that 
nontechnical  people  can  use  it 
to  make  site  changes  and  that 
images  can  be  reused  easily 
from  one  Web  page  to  anoth¬ 
er,  Coniglio  said.  When  an  im¬ 
age  is  changed  on  one  Web 
page,  it’s  changed  automati¬ 
cally  on  all  the  other  pages  us¬ 
ing  it,  saving  time  and  effort 


on  site  construction. 

Another  benefit  is  that  the 
software  is  priced  at  about 
one-third  the  cost  of  compet¬ 
ing  products,  Coniglio  said, 
though  he  declined  to  name 
other  products  Dollar  consid¬ 
ered  or  how  much  it  paid.  But 
according  to  Percussion,  pric¬ 
ing  begins  at  $250,000  for  a 
typical  enterprise  content 
management  project. 

Dollar’s  deployment  of  the 
content  management  system 
began  early  this  month  and 
will  be  completed  next  month, 
Osbourne  said.  The  company 
will  run  the  application  on 
Windows  2000  Server.  ft 


SOURCE:  ROBERT  HALF  TECHNOLOGY. 
MENLO  PARK.  CALIF. 


MY  LONG -TER 

GAME  PLAN  FOR 

THE  SHORT 

WORLD. 


The  market  is  volatile.  Consumer  confidence  is  fickle.  And  you’ve  got  a  business  to  run.  Clearly,  you  need  business  systems  that  help 
you  plan  accordingly.  SAP  has  more  than  30  years’  experience  helping  companies  run  more  efficiently,  with  everything  from  analytical  tools 
that  help  you  take  decisive  action  to  an  open  e-business  platform  that  helps  you  get  more  value  out  of  the  systems  you’ve  already  invested  in. 
So  no  matter  what  size  company  you  are,  we  have  a  long-term  plan  for  you.  Visit  sap.com  or  call  us  at  800  880  1727. 

THE  BEST-RUlf  BtfgfiiigSEg  RUN  SUP 

£  2003  SAP  AG.  SAP  and  the  SAP  (090  are  trademarks  and  ragged  trademarks  of  SAP  AG  in  Germany  and  several  other  countries. 


- 


COMPHTMWOmD  August  18. 2003 

Electronic  Retailers 
Hurt  by  Spam  Flood 

Mailings  that  customers  opt  to  receive 
are  being  blocked  or  going  unread 


BY  CAROL  SLIWA 

BOSTON 

new  york-based  on¬ 
line  jewelry  retailer 
blasted  an  e-mail  to 
customers  with  the 
subject  line  “Hot  Summer 
Styles.”  Even  though  the  in¬ 
tended  recipients  had  asked  to 
receive  mailings  from  the  com¬ 
pany,  some  300,000  of  them 
never  saw  it. 

The  word  hot  apparently 
triggered  filters  that  blocked 
the  message  from  being  deliv¬ 
ered,  said  Pinny  Gniwisch,  a 
founder  of  Ice.com.  “The  filters 
are  not  smart,”  he  lamented. 

Many  electronic  retailers  at 
last  week’s  eTail  2003  confer¬ 


ence  here  complained  that 
they’re  suffering  from  an  anti¬ 
spam  backlash  even  though 
they  said  they  have  opt-in 
mail  policies  and  don’t  spam 
anyone. 

Several  electronic  retailers 
said  that  in  the  past  six 
months,  they’ve  found  their 
marketing  messages  being 
increasingly  blocked  or  fil¬ 
tered,  or  simply  going  unread 
by  customers  who  are  inun¬ 
dated  with  so  much  unwanted 
e-mail  that  they’re  starting 
to  tune  out  even  legitimate 
communications. 

“This  is  the  big  battle¬ 
ground  —  getting  your  mail 
through,”  said  Daniel  Gudema, 


e-commerce  strategist  at  ABC 
Distributing  LLC  in  North 
Miami.  “Maybe  e-mail  will 
become  obsolete  as  a  market¬ 
ing  tool.” 

Some  retailers  claim  that 
they’re  starting  to  see  the 
harmful  effects  in  their  general 
ledgers.  Online  retailer  eBags 
sends  out  about  8  million  elec¬ 
tronic  messages  per  month  to 
customers  who  opt  to  receive 
its  mailings,  according  to  CEO 
Jon  Nordmark.  A  year  ago,  22% 
of  the  recipients  made  pur¬ 
chases  as  a  direct  result  of 
those  messages.  Now  the  con¬ 
version  percentage  is  13.2%. 

Nordmark  said  the  Green¬ 
wood  Village,  Colo.,  retailer 
hit  profitability  last  year  and 
has  seen  overall  revenue  grow 
90%.  But  e-mail  is  no  longer 
the  primary  growth  driver. 


It  now  ranks  behind  affiliate 
marketing,  off-line  catalogs 
and  search  technology  on  the 
priority  list,  he  said. 

Mike  Frazzini,  vice  presi¬ 
dent  of  technology  at  eBags, 
is  convinced  spam  is  to  blame. 
He  estimated  that  at  least  30% 
of  the  company’s  e-mail  is  be¬ 
ing  blocked  or  filtered,  al¬ 
though  he  acknowledged  that 
it’s  tough  to  quantify.  He  said  a 
company  often  doesn’t  know  if 
its  mail  is  being  blocked  at  the 
server  by  an  Internet  service 
provider  or  a  corporation,  or 
on  the  client  side  with  filters 
set  up  by  individual  users. 

Frazzini  said  the  company  is 
working  to  make  sure  its  do¬ 
main  isn’t  turning  up  on  any 
of  the  black  lists  that  antispam 
groups,  such  as  Mail  Abuse 
Prevention  System  LLC,  have 
established  to  help  companies 
set  up  spam  filters.  He  said 
corporations  and  Internet  ser¬ 
vice  providers  sometimes  use 
those  lists  to  set  up  server- 
based  filters. 

Matthew  Berk,  an  analyst  at 
Jupiter  Research  in  New  York, 
advises  retailers  to  outsource 


Navy  Taps  Security  to 
Manage  Legacy  Apps  Risk 


Contract  aimed  at 
integrating  old 
apps  with  N/MCI 

BY  DAN  VERTON 

The  U.S.  Navy  has  awarded 
a  S5.8  million  contract  that’s 
designed  to  help  the  service 
tackle  one  of  its  most  pressing 
security  challenges:  integrat¬ 
ing  thousands  of  legacy  appli¬ 
cations  into  its  multibillion- 
dollar  Navy/Marine  Corps 
Intranet  (N/MCI)  program. 

The  two-year  deal  with 
Mountain  View,  Calif. -based 
Securify  Inc.,  announced 
last  week,  will  give  the  Navy 
unlimited  use  of  Securify’s 
SecurVantage  security  man¬ 
agement  product.  The  goal  is 
to  ensure  that  all  of  the  Navy’s 
networks  comply  with  the 
more  robust  security  policies 
established  by  the  N/MCI 


contract  [QuickLink  39348J. 

The  Navy  in  2000  awarded 
the  S6.9  billion  N/MCI  con¬ 
tract  to  Plano,  Texas-based 
Electronic  Data  Systems  Corp. 
Among  the  challenges  that 
have  at  times  threatened  the 
project’s  success  has  been  the 
existence  of  tens  of  thousands 
of  applications  that,  if  moved 
into  the  intranet,  would  ex¬ 
pose  security  vulnerabilities. 

Of  30,000  legacy  applica¬ 
tions,  12,000  have  been  either 
approved  outright  or  ap¬ 
proved  with  restrictions  to 
operate  in  the  N/MCI  envi¬ 
ronment.  The  Navy  hopes  to 
get  the  total  number  of  appli¬ 
cations  it  uses  down  to  5,000 
within  several  months,  ac¬ 
cording  to  Capt.  Chris  Chris¬ 
topher,  staff  director  at  the 
N/MCI  program  office. 

Deploying  the  Securify 
product  will  help  the  Navy 


more  quickly  integrate  exist¬ 
ing  applications,  the  majority 
of  which  still  sit  on  servers 
located  outside  of  the  N/MCI, 
Christopher  said.  Starting 
Oct.  1,  all  new  applications 
deployed  by  Navy  units  must 
comply  with  stringent  N/MCI 
security  requirements. 

“That’s  going  to  be  a  chal¬ 
lenge,”  said  Christopher. 
“There’s  probably  going  to  be 


PRODUCT  FEATURES 


SecurVantage  Enterprise 
Monitoring  Point 

■  Rack-mounted  PC  appliance 

■  1-GHz  Pentium  III 

■  1GB  memory 

■  Three  9GB  hard  drives 


SecurVantage 
Enterprise  Manager 

■  Dell  PowerEdge  1650  server 
with  1.4-GHz  Pentium  III 

■  1GB  SDRAM 

■  Two  18GB  SCSI  hard  drives 

■  Dual  onboard  NICs 


a  lot  of  waivers  put  in  to  try  to 
move  the  process  along.” 

Steve  Vetter,  director  of 
strategic  planning  for  the 
N/MCI  program  at  EDS,  said 
the  key  issue  facing  the  Navy 
—  and  the  driving  factor  be¬ 
hind  the  decision  to  purchase 
the  Securify  product  —  is  the 
need  to  have  enough  informa¬ 
tion  about  the  security  of  vari¬ 
ous  networks  and  applications 
so  that  good  decisions  can  be 
made  about  which  applica¬ 
tions  to  allow  inside  the 
N/MCI  environment. 

For  now,  the  Navy  is  prepar¬ 
ing  to  deploy  65  enterprise 
SecurVantage  monitoring 
points,  said  Carl  Wright,  vice 
president  of  federal  opera¬ 
tions  at  Securify. 

“Most  government  organi¬ 
zations  today  really  don’t  un¬ 
derstand  what  their  [current! 
IT  environment  is  like,”  said 
Wright.  “As  they  moved  dur¬ 
ing  the  last  two  years  from 
mainframe  to  distributed 
client/server  architectures, 
they  really  lost  control  of  that 
information  architecture.”  I 
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Marketing  Tips 

Consider  a  third-party  mail 
provider. 

Avoid  using  the  catchphrases  of 
true  spammers  in  subject  lines. 

Send  only  permission-based 
mail  customers  will  find  valuable. 


Encourage  customers  to  add 
your  company  to  their  address 
books  or  to  set  their  filters  to 
accept  your  mail. 

Refresh  your  mailing  list  to 
make  sure  customers  are  still 
interested  in  receiving  content. 


bulk  mailings  to  third  parties 
that  stay  on  top  of  issues  in¬ 
volving  spam.  Those  providers 
include  CheetahMail  Inc.,  Dou¬ 
bleclick  Inc.,  Digital  Impact 
Inc.  and  Responsys  Inc. 

In  addition,  Berk  said  retail¬ 
ers  would  be  wise  to  stop  us¬ 
ing  the  same  sorts  of  phrases 
that  true  spammers  insert  into 
the  subject  lines  of  their  mes¬ 
sages,  such  as  “act  now,”  “free” 
and  “one-time  opportunity.” 
Exclamation  points  are  anoth¬ 
er  no-no,  he  said. 

“If  it  sounds  like  spam,” 

Berk  warned,  “it  is  spam.” 

Paying  Attention 

Many  companies  now  do 
more  extensive  monitoring 
of  the  open,  click-through 
and  conversion  rates  to  gain 
greater  insight  into  their 
e-mail  efforts. 

Tower  Records,  a  Digital 
Impact  customer,  has  found 
in  the  past  six  months  that  its 
e-mail  open  rates  have  dipped 
lower  than  they’ve  ever  been, 
according  to  Kevin  Ertell,  se¬ 
nior  vice  president  of  online 
operations.  Ertell  said  he  sus¬ 
pects  that  mail  is  getting  lost 
in  the  spam  shuffle. 

“If  the  overwhelming  prob¬ 
lem  isn’t  solved,  it  won’t  really 
matter  what  content  we  put  in 
the  e-mail  because  people 
aren’t  seeing  it,”  Ertell  said. 

Ertell,  like  some  other  re¬ 
tailers,  said  he  would  support 
legislation  to  help  curb  the 
problem.  “We  have  to  do 
something  about  it,”  he  said. 
“It’s  gone  beyond  annoying. 

It’s  negatively  affecting  peo¬ 
ple’s  business  operations.”  I 
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Vendors  to  Combine  Disk 
Arrays  and  Tape  Libraries 


Move  improves  backup  and  restore 
capabilities,  aids  regulatory  compliance 


BY  LUCAS  MEAR1AN 

In  the  wake  of  new  gov¬ 
ernment  regulations 
requiring  better  corpo¬ 
rate  record-keeping, 
three  top  tape  library  vendors 
have  confirmed  that  they’re 
working  to  combine  inexpen¬ 
sive  disk  arrays  with 
their  libraries  to  bol¬ 
ster  backup  reliability 
and  data  restoration. 

Advanced  Digital  Informa¬ 
tion  Corp.  (ADIC),  Storage 
Technology  Corp.  and  Spectra 
Logic  Corp.  are  each  develop¬ 
ing  products  that  would  use 
Serial  Advanced  Technology 
Attachment  disk  arrays  physi¬ 
cally  and  logically  tied  to  tape 
libraries  to  consolidate  storage 
management,  speed  backups, 
increase  redundancy  and 
guarantee  the  fast  restoration 
of  mission-critical  data. 

Jonathan  Otis,  ADIC’s  se¬ 
nior  vice  president  of  technol¬ 
ogy,  said  RAID  adds  reliability 
to  his  company’s  libraries  be¬ 
cause  “you  can  lose  a  disk 
drive  and  the  backup  will  con¬ 
tinue,  while  with  tape  drives, 
if  a  drive  goes  down,  it  will 
stop  the  process,  and  you’ll 
have  to  start  it  all  over  again 
on  another  drive.” 

ADIC  said  its  combination 
disk/tape  library  will  be  avail¬ 
able  this  fall.  Spectra  Logic 
said  its  model  will  be  available 
early  next  year. 

Louisville,  Colo.-based  Stor- 
ageTek  wouldn’t  say  when  its 
product  will  be  available,  but 
company  officials  said  the 
technology  is  part  of  an  over¬ 
all  information  life-cycle  man¬ 
agement  initiative  focused  on 
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storing  data  on  varying  forms 
of  media.  The  goal  is  to  align 
cost,  reliability  and  speed  of 
recovery  with  the  importance 
of  the  data. 

“The  next  logical  step  for 
our  partners  and  customers  is 
doing  tighter  integration  of 
components  with  not 
just  disk  to  tape,  but 
[with]  networking  and 
management  tools,”  said  Tom 
Balue,  manager  of  product 
marketing  for  StorageTek’s 
Automated  Tape  Solutions 
division. 

Balue  said  one  of  the  biggest 
advantages  of  a  disk/tape  li¬ 
brary  combination  is  that  sys¬ 
tems  administrators  can  back 
up  different  data  sets  to  disk 


and  tape  from  a  single  con¬ 
sole,  without  having  to  learn 
multiple  backup  applications. 

“What’s  the  advantage  of 
disk  over  tape?  If  you  lose  a 
tape,  you’re  in  trouble,  but  if 
you’re  using  inexpensive  disk 
in  a  RAID,  the  data  isn’t  lost,” 
said  Matt  Starr,  chief  technol¬ 
ogy  officer  at  Boulder,  Colo.- 
based  Spectra  Logic,  referring 
to  an  array’s  ability  to  rebuild 
data  striped  across  multiple 
disks  after  a  single  drive  fails. 

Consolidate  Power 

Another  advantage  of  combin¬ 
ing  disk  arrays  with  tape  li¬ 
braries  is  that  administrators 
could  combine  power  sources 
and  cooling  systems,  Starr  said. 

Rick  Luttrall,  director  of 
product  marketing  for  the 
Nearline  Storage  division  of 
leading  tape  vendor  Hewlett- 


Why  combine 
disk  and  tape? 

■  Faster  and  more  reliable 
backups 


■  Faster  restoration  of  data 


s  Easier  integration  of 
management  tools 


*  Consolidation  of  power 
and  cooling  systems 


■  Takes  less  room  in  the 
data  center 


Packard  Co.,  said  HP  is  con¬ 
sidering  physically  combining 
disk  and  tape.  But  he  empha¬ 
sized  that  addressing  a  policy- 
driven  information  life-cycle 
management  strategy  that  in¬ 
cludes  intelligent  software  is 
far  more  important. 


Gary  Pilafas,  senior  storage 
and  systems  architect  at  UAL 
Loyalty  Services  Inc.,  a  unit 
of  United  Air  Lines  Inc.,  said 
that  “in  a  world  where  we’re 
keeping  our  backups  longer,” 
disk  and  tape  combinations 
have  merit. 

Pilafas  currently  uses  two 
StorageTek  L700e  libraries  to 
archive  data  but  plans  to  up¬ 
grade  to  Fibre  Channel  drives 
so  he  can  include  the  libraries 
in  a  storage-area  network. 

Disk  acting  as  cache  for  Pi¬ 
lafas’  library  would  allow  UAL 
Loyalty  Services  to  restore 
data  faster. 

“I  think  that’s  what  a  lot  of 
end  users  are  thinking:  For 
backup,  let’s  just  use  disk.  If 
StorageTek  said  you  can  back 
up  to  disk  and  dump  to  tape  to 
meet  all  the  federal  regula¬ 
tions  . . .  then  you’ve  met  a 
whole  lot  of  requirements” 
Pilafas  said. 

Because  disk  arrays  help  en¬ 
sure  that  data  is  backed  up, 
they  can  help  companies  meet 
federal  regulations  such  as  the 
Sarbanes-Oxley  Act,  which  re¬ 
quires  that  e-mail  be  retained 
and  retrievable.  ) 


HP,  Hitachi  to  Offer  Disaster  Recovery  Services 


BY  LUCAS  MEARIAN 

Hewlett-Packard  Co.  said  last 
week  that  it  has  extended  a 
multibillion-dollar  OEM 
agreement  with  Hitachi  Data 
Systems  Corp.  to  continue  of¬ 
fering  Hitachi’s  high-end  Free¬ 
dom  Storage  Lightning  9900 
series  array  under  the  Storage- 
Works  XP  brand.  The  two 
vendors  also  agreed  to  jointly 
provide  disaster  recovery  and 
business  continuity  systems 
and  services. 

HP  extended  the  OEM 
agreement  through  2008.  The 
partnership  with  Santa  Clara, 
Calif.-based  Hitachi  had  been 
set  to  expire  in  2005. 

Bob  Schultz,  senior  vice 
president  of  HP’s  Network 
Storage  Solutions  division, 
wouldn’t  say  how  much  the 
OEM  agreement  is  worth  but 
said  it  will  bolster  a  larger  ser¬ 
vices  strategy. 

Hitachi’s  Lightning  9900 
features  an  internal  switched- 


bus  architecture  that  supplies 
bandwidth  of  up  to  6.4GB/sec. 
and  capacity  of  up  to  147TB. 
HP  loads  its  own  management 
software  onto  the  array.  Both 
companies  plan  to  use  the 
Lightning  array  as  the  center- 
piece  of  the  disaster  recovery 
and  business  continuity  sys¬ 
tem  they  offer.  That  system 
will  synchronously  replicate 
between  a  primary  and  sec- 


The  Five-Year  Plan 


■  HP  will  continue  to  sell 
Hitachi’s  high-end  Lightning 
9900  array. 

■  HP  and  Hitachi  will  work 
jointly  on  building  disaster 
recovery  systems. 

■  Systems  will  include  regional 
mirroring  and  long-distance 
replication. 

■  HP/Hitachi  sales  and  services 
teams  will  be  on-site  together. 


ondary  site  less  than  60  miles 
apart  and  asynchronously 
replicate  to  a  third  array  thou¬ 
sands  of  miles  away. 

The  HP  Storage  Works  Mul¬ 
ti-Site  Disaster  Tolerant  Solu¬ 
tion  combines  HP’s  software, 
hardware,  networking  and  ser¬ 
vices  with  Hitachi’s  array  to  al¬ 
low  users  to  recover  applica¬ 
tion  processing  in  less  than  one 
hour  if  a  local  or  regional  dis¬ 
aster  occurs,  Schultz  said. 

One  Relationship 

For  Steve  Strout,  CIO  of  Mor¬ 
ris  Communications  Corp.  in 
Augusta,  Ga.,  the  services 
partnership  between  HP  and 
Hitachi  will  speed  the  imple¬ 
mentation  of  a  disaster  recov¬ 
ery  system  he  plans  to  have  in 
place  by  October  for  backing 
up  his  SAP  and  Microsoft  Ex¬ 
change  application  servers. 

Strout  said  one  of  the  big¬ 
gest  benefits  from  the  partner¬ 
ship  is  the  ability  to  get  the 


high-end  Hitachi  array  with¬ 
out  having  to  configure  or 
download  the  HP  replication 
software. 

“I  want  to  have  one  relation¬ 
ship,”  he  said.  “This  allows 
them  to  do  system-to-system 
backups  without  me  having 
to  do  a  lot  of  systems  adminis¬ 
tration.  This  provided  me  a 
much  better  and  faster  imple¬ 
mentation.” 

Strout  has  so  far  purchased 
two  Storage  Works  XP  arrays, 
each  with  7TB  of  capacity,  for 
business  continuity.  He  plans 
on  mirroring  data  between 
data  centers  in  Augusta  and 
Atlanta.  Strout  said  he  will 
eventually  purchase  a  third  ar¬ 
ray  for  longer-distance  disas¬ 
ter  recovery. 

Schultz  said  a  three-site  dis¬ 
aster  recovery  system  will  cost 
on  average  between  $1.5  mil¬ 
lion  and  $3  million,  depending 
on  how  the  arrays  and  net¬ 
works  are  configured.  I 


EMC2 

where  information  lives 


Didyou  knowthatsomeofour 

BEST  STORAGE  PRODUCTS  COME 
ON  A  DIFFERENT  KIND  OF  DISK? 

OUR  SOFTWARE  GIVES  YOU  SOME 
VERY  SMART  CHOICES. 


To  manage  complexity,  you’ve  got  to  outsmart  it.  EMC  Automated  Networked  Storage™  delivers  the 
software  that  automates  management  of  your  multi-vendor  storage  infrastructure,  including  the  most 
error-prone  tasks  such  as  monitoring  and  provisioning.  Nowyou  can  gain  a  unified,  end-to-end  view  ofyour 
entire  environment.  Define  your  service  levels.  And  run  an  agile,  active  infrastructure  that  helps  the  busi¬ 
ness  pounce  on  opportunity. 

See  how  other  companies  are  using  EMC  Automated  Networked  Storage  to  manage  more 
information  with  less  effort  atwww.EMC.com. 


EMC2  and  EMC  are  registered  trademarks  and  EMC  Automated  Networked  Storage  and  where  information  lives  are  trademarks  of  EMC  Corporation.  ©2003  EMC  Corporation.  All  rights  reserved. 
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MCI  Names  AT&T 
Exec  President,  COO 

After  weeks  of  responding  to  al¬ 
legations  of  wrongdoing  by  chief 
competitor  AT&T  Corp.,  MCI 
(which  is  still  legally  known  as 
WorldCom  Inc.)  last  week  an¬ 
nounced  the  appointment  of 
Richard  R.  Roscitt,  a  former 
AT&T  executive,  as  its  president 
and  chief  operating  officer,  re¬ 
porting  to  CEO  Michael  Capellas. 
Roscitt  was  previously  president 
of  AT&T  Business  Services  and 
president  and  CEO  of  AT&T 
Solutions. 


HP  Buys  .Net 
Consulting  Firm 

Hewlett-Packard  Co.  last  week 
said  it  has  agreed  to  buy  a  con¬ 
sulting  company  that  specializes 
in  designing  and  implementing 
systems  and  applications  based 
on  Microsoft  Corp.’s  .Net  archi¬ 
tecture  for  Web  services.  At¬ 
lanta-based  Extreme  Logic  Inc. 
will  become  a  wholly  owned  sub¬ 
sidiary  operating  as  part  of  HP’s 
services  division.  Financial  terms 
weren’t  disclosed. 


Sun  to  Replace 
Entry-Level  Server 

Sun  Microsystems  Inc.  last  week 
said  it  will  replace  its  entry-level 
Intel  Pentium  Ill-based  server 
with  Intel  Xeon-based  systems  in 
mid-October.  The  Sun  Fire  VSOx 
and  V65x  servers  will  fill  the 
low-end  spot  in  Sun’s  x86  prod¬ 
uct  line  and  run  Solaris  or  Linux. 


New  Protocol  Helps 
Boost  Wi-Fi  Sales 

The  market  for  802.11,  or  Wi-Fi, 
wireless  LAN  equipment  grew  in 
the  second  quarter,  driven  in 
part  by  users  embracing  the  re¬ 
cently  standardized  802.11g 
technology,  said  Dell'Oro  Group 
Inc.  in  Redwood  City,  Calif. 
Worldwide  Wi-Fi  unit  shipments 
grew  6%  from  the  first  quarter, 
but  falling  prices  limited  revenue 
growth  to  2%,  Dell’Oro  said. 


Retailer  Boosts  Efficiency  of 
Linux  Virtual  Server  Project 

Department  store  chain  saves  money 
on  hardware,  IT  staff  using  Levanta  2.0 


BY  TODD  R.  WEISS 

ith  A  shrinking 
IT  staff  and  a 
flat  IT  budget, 
Boscov’s  De¬ 
partment  Store  needed  a  way 
to  increase  the  efficiency  of 
deploying  Linux  virtual 
servers  on  its  underutilized 
IBM  zSeries  mainframe. 

After  first  trying  to  set  up 
the  virtual  servers  himself,  pro¬ 
grammer  Rob  Schwartz  found 
that  by  installing  a  copy  of 
SuSE  Linux  AG’s  Linux  on  each 
virtual  server  on  the  main¬ 
frame,  he  was  wasting  large 
amounts  of  memory  and  disk 
space.  He  determined  that  us¬ 
ing  read-only  file  sharing 
would  solve  the  problems,  but 
setting  up  such  a  system  would 
be  difficult  to  do  on  his  own. 

That’s  the  scenario  behind 
Boscov’s  deployment  of 
Linuxcare  Inc.’s  Levanta  2.0, 
which  was  introduced  at  the 
recent  LinuxWorld  conference 
in  San  Francisco. 

Joe  Poole,  technical  support 
manager  at  Reading,  Pa.-based 
Boscov’s,  said  he  had  heard 
about  Levanta  at  an  IT  confer¬ 
ence  two  years  ago.  Poole  said 
that  at  the  time,  the  first-gen¬ 
eration  Levanta  offering  was 
the  only  product  he  found  that 
could  help  him.  “They  were 
building  something,  and  I  saw 
value  in  it”  and  volunteered  to 
become  a  beta  tester,  he  said. 

Using  Levanta,  Boscov’s  was 
able  to  set  up  about  two-dozen 
virtual  Linux  servers,  while 
sharing  binaries  and  executa¬ 
bles,  Schwartz  said.  The  virtual 
servers  are  replacing  a  host  of 
Windows  NT  servers,  includ¬ 
ing  11  production  systems  and 
10  test  systems. 

Although  he  declined  to 
provide  a  dollar  figure,  Poole 
said  the  regional  department 
store  chain  has  saved  money 
on  hardware  and  IT  staff  by 
using  Levanta.  “To  bring  in 
new  server  instances  [as 


they’re  needed]  costs  no  more 
money,  once  you  have  this 
equipment,”  he  said. 

Schwartz  is  managing  the 
company’s  Linux  environment 
on  his  own. 

In  addition,  Levanta  allows 
Schwartz  to  configure  the  Lin¬ 
ux  instances  with  specific 
rights  for  other  IT  workers  at 
Boscov’s  so  they  can  perform 
their  work  without  having  full 
access  to  the  mainframe,  said 
Poole.  “It  gives  [Schwartz] 


Vendors  expected 
to  support  Basic 
Profile  in  products 

BY  CAROL  SLIWA 

Users  concerned  about  being 
able  to  build  interoperable 
Web  services  got  an  encourag¬ 
ing  sign  last  week  when  an  in¬ 
dustry  group  released  a  long- 
awaited  set  of  guidelines  that 
vendors  are  expected  to  sup¬ 
port  in  products. 

The  Web  Services  Interop¬ 
erability  Organization  (WS-I), 
whose  170  members  include 
vendors  and  user  companies, 


Basic 
Profile  1.0 

The  WS-I  released  a  set  of  guide¬ 
lines  to  show  how  the  following 
specifications  should  be  used  to 
build  interoperable  Web  services: 

■  SOAP  1.1 

■  WSDL1.1 

■  UDDI2.0 

■  XML  1.0 

■  XML  Schema 


control  to  give  control  to  oth¬ 
ers,”  he  said. 

Pricing  for  San  Francisco- 
based  Linuxcare’s  Levanta  2.0 
for  a  z/900  mainframe  begins 
at  $100,000  per  Integrated  Fa¬ 
cility  for  Linux.  The  applica¬ 
tion  can  run  Red  Hat  Inc.’s 
Linux  7.2  or  SuSE  Linux  Enter¬ 
prise  Server  operating  systems 
for  the  virtual  servers. 

Levanta  runs  on  the  main¬ 
frame’s  IBM  z/VM  operating 
system,  making  it  possible  for 
IT  workers  with  little  z/VM 
expertise  to  quickly  configure 
and  run  the  virtual  Linux 


announced  the  availability  of 
its  Basic  Profile  1.0  guidelines, 
which  detail  how  a  set  of  core 
Web  services  specifications 
should  be  used  to  build  inter¬ 
operable  Web  services. 

In  developing  the  Basic  Pro¬ 
file,  the  WS-I  addressed  about 
200  problematic  issues  related 
to  the  specifications  and  their 
interoperability,  said  Steven 
VanRoekel,  director  of  Web 
services  at  Microsoft  Corp. 

The  WS-I  has  also  pledged 
to  release  test  tools  that  can  be 
used  to  check  if  an  application 
is  compliant  with  the  Basic 
Profile.  Test  tools  are  due  this 
fall  for  both  the  Java  and  C# 
development  environments. 

Sample  applications  are  also 
scheduled  to  be  made  avail¬ 
able  to  provide  developers  de¬ 
sign,  implementation,  test  and 
deployment  scenarios  in  vari¬ 
ous  business  situations  on  10 
different  platforms. 

The  Basic  Profile  guidelines 
are  intended  for  vendors,  large 
corporations  and  industry 
consortia  developing  software 
and  tools  that  can  be  used  to 
write  Web  services,  said  Jason 
Bloomberg,  an  analyst  at  Zap- 
Think  LLC  in  Waltham,  Mass. 


NEW  PRODUCT 

Levanta  2.0  on 
the  IBM  zSeries 
mainframe: 

■  Enables  users  to  change, 
create  and  configure  virtual 
Linux  servers. 

■  Reduces  disk  space  and 
memory  requirements  by 
sharing  resources. 

■  Supports  Red  Hat  Linux  7.2 
and  SuSE  Linux  Enterprise 
Server  operating  systems. 


servers,  said  John  Phelps,  an 
analyst  at  Gartner  Inc.  in 
Stamford,  Conn. 

“You  could  do  it  on  your 
own,  but  it  would  take  you  a 
lot  more  work,”  he  said.  ) 


“A  lot  of  the  gray  areas  with 
the  basic  Web  services  stan¬ 
dards  are  now  resolved,  and 
we  can  move  on  to  the  more 
challenging  areas:  security, 
management,  reliability  and 
transactions,”  Bloomberg  said. 

The  WS-I  is  continuing 
work  on  Version  1.1  of  the  Ba¬ 
sic  Profile,  which  will  add  sup¬ 
port  for  attachments  in  SOAP- 
based  messages,  and  on  the 
Basic  Security  Profile. 

But  it  remains  unclear  what 
the  WS-I’s  plans  are  for  SOAP 
1.2,  according  to  VanRoekel. 
The  new  version  of  SOAP, 
which  the  World  Wide  Web 
Consortium  finalized  in  June, 
brings  substantial  improve¬ 
ments  over  the  1.1  edition  that 
became  the  de  facto  standard 
among  vendors. 

Tom  Glover,  chairman  of 
the  WS-I,  has  said  that  the 
group  will  consider  incorpo¬ 
rating  SOAP  1.2  into  a  future 
version  of  the  Basic  Profile. 

The  WS-I’s  membership  in¬ 
cludes  major  vendors  such  as 
Hewlett-Packard  Co.,  IBM,  Mi¬ 
crosoft  and  Oracle  Corp.  and 
enterprise  users  such  as 
Charles  Schwab  &  Co.  and 
Merrill  Lynch  &  Co.  I 
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Windows  Update  Patch 
Process  Faulty,  Expert  Says 

Claims  flaw  fools  users  into  thinking  that 
their  systems  have  been  patched  properly 


BY  JAIKUMAR  VIJAYAN 

Microsoft  Corp.’s  Windows 
Update  patch  management 
program  has  a  critical  short¬ 
coming  that,  in  some  cases, 
could  fool  users  into  thinking 
they  have  been  properly 
patched  against 
some  vulnerabili¬ 
ties  when  in  fact 
they  have  not,  a 
security  expert 
said  last  week. 

The  claim,  made  by  Russ 
Cooper,  moderator  of  the  pop¬ 
ular  NTBugtraq  mailing  list 
and  an  analyst  at  Reston,  Va.- 
based  TruSecure  Corp.,  was 
strongly  refuted  by  Microsoft 
as  being  unfounded. 

According  to  Cooper,  the 
problem  lies  in  the  manner  in 
which  the  Windows  Update 
program  verifies  whether  a 
system  has  a  particular  patch. 

Windows  Update  relies  only 


on  the  “registry  key”  informa¬ 
tion  associated  with  each 
patch  to  determine  if  a  system 
has  a  specific  patch,  Cooper 
said. 

When  a  user  goes  to  the 
Windows  Update  site,  a  pro¬ 
gram  first  scans 
the  user’s  system 
for  the  registry 
keys  to  determine 
what  patches  are 
installed  on  the  system. 

The  problem  is  that  a  sys¬ 
tem  may  have  the  registry 
keys  associated  with  a  particu¬ 
lar  patch,  even  though  the 
patch  itself  may  not  be  in¬ 
stalled.  This  can  happen,  for 
instance,  if  a  machine  crashes 
or  is  turned  off  during  the 
patch  installation  process  or 
because  of  insufficient  system 
resources  to  install  a  patch,  ac¬ 
cording  to  Cooper. 

In  such  cases,  Windows  Up¬ 


date  is  fooled  into  thinking  the 
system  is  patched  because  all 
it’s  using  to  verify  the  exis¬ 
tence  of  a  patch  is  the  associ¬ 
ated  registry-key  information, 
Cooper  said.  It’s  for  this  rea¬ 
son  that  other  patch  manage¬ 
ment  products  look  for  patch- 
specific  file  information  in  ad¬ 
dition  to  registry-key  informa¬ 
tion  when  verifying  the  exis¬ 
tence  of  a  patch,  he  said. 

On  the  Defensive 

Stephen  Toulouse,  a  security 
program  manager  at  Micro¬ 
soft,  dismissed  Cooper’s 
claims  and  insisted  that  Win¬ 
dows  Update  has  “for  several 
months”  been  checking  for 
file  versions  in  addition  to 
registry  keys  when  scanning 
for  patches. 

Citing  the  patch  for  the  lat¬ 
est  Windows  remote  proce¬ 
dure  call  vulnerability  (MS03- 
026),  Toulouse  said  there  have 
been  “tens  of  millions  of  suc¬ 
cessful  implementations  of 
this  patch,  and  we  haven’t 


heard  of  a  situation  where 
customers  think  they  have  in¬ 
stalled  the  patch  and  then  find 
out  they  haven’t.” 

Toulouse  added  that  the 
method  Cooper  used  to  dem¬ 
onstrate  the  problem  was  a 
highly  unlikely  and  “artificial” 
scenario. 

“It  is  entirely  possible  to  try 
and  make  something  fail,” 
Toulouse  said.  “The  question 
is,  how  realistic  is  the  sce¬ 
nario?” 

Windows  Update  is  check¬ 
ing  file  versions  for  the  latest 
patch  relating  to  the  Windows 
vulnerability  that  Blaster  took 
advantage  of,  Cooper  said. 

But  the  same  isn’t  true  for  all 
patches,  he  claimed. 

“There  are  many  other  seri¬ 
ous  security  vulnerabilities 
that  are  addressed  by  other 
Microsoft  patches  that  can  be 
spoofed  by  simply  writing  a 
registry  value,”  according  to 
one  security  expert,  who  re¬ 
quested  anonymity. 

As  of  Aug.  13,  patches  for  at 
least  three  critical  vulnerabili¬ 
ties  announced  this  year  could 
be  spoofed  using  registry  keys, 
according  to  the  source. 

At  least  one  user  has  given 
up  on  Windows  Update  alto¬ 
gether.  Vivek  Kundra,  director 
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Blaster 

everything  else  to  go  take  care 
of  [patching].  And  the  reality 
is,  we  only  have  a  finite 
amount  of  resources”  to  do 
that,  Jahne  said. 

Banner  had  to  patch  more 
than  500  servers  and  8,000 
workstations  to  protect  itself 
against  the  vulnerability  that 
Blaster  exploited.  “I  can  tell 
you,  it’s  been  one  heck  of  an 
effort  on  a  lot  of  people’s  part 
to  do  that,”  Jahne  added. 

For  the  longer  term,  Banner 
is  studying  the  feasibility  of 
partitioning  its  networks  in 
order  to  minimize  the  effect 
of  vulnerabilities,  he  said. 

Adding  to  the  patching 
problem  is  the  fact  that  com¬ 
panies,  especially  larger  and 
more  distributed  ones,  need 
time  to  properly  test  each 
patch  before  they  can  deploy 


it,  said  Art  Manion,  an  Inter¬ 
net  security  consultant  at  the 
CERT  Coordination  Center  at 
Carnegie  Mellon  University 
in  Pittsburgh. 

That’s  because  patches 
haven’t  always  worked  or  have 
broken  the  applications  they 
were  meant  to  protect,  said 
Marc  Willebeek-LeMair,  chief 
technology  officer  at  Tipping- 
Point  Technologies  Inc.,  an 
Austin-based  vendor  of  intru¬ 
sion-prevention  products. 

Companies  also  need  to 
schedule  downtime  in  ad¬ 
vance  to  deploy  such  patches, 
said  Kevin  Ott,  vice  president 
of  technology  at  Terra  Nova 
Trading  LLC,  a  Chicago-based 
financial  services  firm. 

“We  work  in  a  24-by-7  envi¬ 
ronment,  so  there  is  a  limited 
scope  for  downtime”  in  which 
to  deploy  patches,  he  said. 

But  the  stunning  quickness 
at  which  Blaster  exploited 
Windows’  remote  procedure 


call  vulnerability  is  a  sign  that 
companies  are  going  to  have 
to  respond  to  new  threats 
even  faster  than  they  do  today, 
said  Chuck  Adams,  chief  secu¬ 
rity  officer  at  NetSolve  Inc., 
an  IT  services  company  in 
Austin. 

Although  worms  such  as 
SQL  Slammer  didn’t  appear 
until  eight  months  after  the 


[Three  or  four 
days]  is  not 
going  to  work  any 
longer.  I  need  some¬ 
thing  that  can  cut 
the  process  down 
to  a  few  hours,  if 
not  minutes. 


VIVEK  KUNDRA,  DIRECTOR  OF 
INFRASTRUCTURE  TECHNOLOGIES, 
ARLINGTON  COUNTY,  VA. 


vulnerability  was  announced, 
Blaster  was  released  in  just 
one  month,  Adams  said. 

That  means  companies  will 
need  to  somehow  find  ways  to 
lessen  the  time  it  takes  to  test 
and  deploy  patches,  said  Vivek 
Kundra,  director  of  infrastruc¬ 
ture  technologies  for  Arling¬ 
ton  County,  Va.  Currently, 
Arlington  County  needs  about 
three  or  four  days  to  push  out 
patches  across  its  networks. 

“[Three  or  four  days]  is  not 
going  to  work  any  longer,” 
Kundra  said.  “I  need  some¬ 
thing  that  can  cut  the  process 
down  to  a  few  hours,  if  not 
minutes.” 

The  county  is  looking  at 
outsourcing  its  patch  manage¬ 
ment  process  to  a  third  party. 
Also  under  consideration  is  a 
plan  to  adopt  a  more  automat¬ 
ed  process  for  testing  and  de¬ 
ploying  software  patches, 
Kundra  said. 

“Sometimes  [patching]  can 
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Blaster  to  Target 
Windows  Update 

■  A  distributed  denial-of-service 
attack  against  Microsoft’s  Win¬ 
dows  Update  site  may  start  on 
Aug.  16. 

>  *••*»•#»•••••♦••••••••»«••»• 

d  a  The  attack  could  cause  Internet 
S=  disruptions  beginning  that  day. 
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jjp  ■  Starting  Jan.  1, 2004,  the 
o  worm  will  switch  to  cyclic  be- 
£  havior  in  which  it  attacks  the 
z  Microsoft  site  from  the  16th  of 
5  each  month  to  the  end  of  the 
S  month.  On  the  remaining  days, 

R  it  will  scan  for  other  vulnerable 
£  systems. 
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of  infrastructure  technologies 
for  Arlington  County,  Va.,  last 
week  said  his  department  had 
problems  using  the  Windows 
Update  server  technology  to 
deploy  the  patches. 

Although  the  county  gov¬ 
ernment  began  the  process  us¬ 
ing  Microsoft’s  Windows  Up¬ 
date  process,  it  had  to  aban¬ 
don  the  approach  because  the 
patches  didn’t  always  deploy 
properly  on  the  county’s  3,500 
workstations.  As  a  result,  it 
switched  to  Novell  Inc.’s  ZEN- 
works  to  distribute  the  patch¬ 
es,  Kundra  said.  > 


be  more  an  art  than  a  sci¬ 
ence,”  said  Hugh  McArthur, 
information  systems  security 
officer  at  Online  Resources 
Corp.,  a  McLean,  Va.-based 
application  service  provider 
for  more  than  500  financial 
institutions. 

“There  will  be  times  when 
you  may  need  to  make  a  judg¬ 
ment  call  balancing  risk,  ap¬ 
propriate  testing  [and]  miti¬ 
gating  factors,”  he  said. 

Even  so,  patching  remains 
the  best  available  option,  ac¬ 
cording  to  Bruce  Blitch,  CIO 
at  Tessenderlo  Kerle  Inc.,  a 
multinational  chemical  com¬ 
pany  with  U.S.  headquarters  in 
Phoenix. 

“Everyone  would  no  doubt 
agree  that  having  completely 
error-  and  exploit-proof  code 
would  be  the  most  desirable 
situation,”  Blitch  said.  In  the 
absence  of  that,  he  said,  “we’re 
convinced  that  [patching]  is 
the  best  strategy.”  > 
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'Our  Video  on  Demand  (VOD) 
servers  are  air  cooled  from  front  to 
back.  The  APC  racks  that  house  the 
InfraStruXure" are  also  designed  to  cool 
from  front  to  back.  So  the  same  racks 
can  effectively  house  our  power  system 
and  our  servers." 

Vince  Pombo,  Vice  President  of  Engineering 
Rich  Flanders,  Director  of  Engineering 
Time  Warner  Cable. 


Are  you  ready  to 
reduce  power 
densities  in  your 
rack  with  an 
efficient,  cost-saving 
power  and  cooiing 
solution  that  A 


ensures 

availability? 


More  and  more  IT 
professionals  are  changing 
from  legacy  systems  to  a 
new  integrated  power  and 
cooling  solution. 


See  the  next  page 


for  more. 
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Mohegan  Sun  Puts  Its  Chips  on 
Customer  Retention  Technology 


Casino  evaluates  funds 
transfer  and  blackjack 
surveillance  systems 

BY  THOMAS  HOFFMAN 

UNCASVILLE.  CONN. 

The  Mohegan  Sun  casino  next  month 
plans  to  begin  testing  two  technologies 
that  officials  at  the  gaming  resort  hope 
will  help  lower  costs  and  improve  its 
customer  retention  rates  and  profit 
margins. 

In  one  project,  Mohegan  Sun  will  in¬ 
stall  automated  funds  transfer  (AFT) 
technology  on  300  to  400  of  the  high- 
roller  slot  machines  in  its  two  casinos 
here.  The  technology  is  based  on  soft¬ 
ware  from  Advanced  Casino  Systems 
Corp.  in  Egg  Harbor  Township,  N.J., 
and  will  let  slots  players  establish 
credit  with  the  casino  and  then  use 
magnetic  cards  to  download  all  or  part 
of  those  funds  into  a  slot  machine. 

The  second  test  involves  a  video 
surveillance  and  data-collection  sys¬ 
tem  that  will  be  installed  at  10  of  Mo¬ 
hegan  Sun’s  130  blackjack  tables.  Black¬ 


jack  players  will  be  able  to  swipe  their 
casino  cards  through  readers  built  into 
chair  armrests,  and  the  system  will 
track  the  size  and  frequency  of  their 
bets  and  integrate  the  data 
into  a  player  rating  system 
that  runs  on  an  IBM  AS/400 
server. 

Mohegan  Sun  expects  sev¬ 
eral  benefits  from  the  AFT 
system,  CIO  Daniel  Garrow 
said  this  month  in  an  inter¬ 
view.  Currently,  if  a  slots 
player  wins  a  jackpot  of 
more  than  $1,200,  the  ma¬ 
chine  locks  up  while  he  is 
asked  to  fill  out  a  form  for 
the  Internal  Revenue  Ser¬ 
vice.  But  with  the  AFT  technology,  “we 
can  allow  the  player  to  keep  playing, 
since  they’re  not  withdrawing  the 
funds  right  away,”  he  said. 

Patricia  Wright,  an  analyst  at  Fitch 
Ratings  Ltd.  in  New  York,  said  casinos 
that  have  installed  so-called  ticket-in, 
ticket-out  technologies  have  realized 
“good  savings,  since  there’s  less  down¬ 
time  on  slot  machines  because  they 


don’t  have  to  refill  them  constantly.” 

The  blackjack-table  monitoring  sys¬ 
tem  that  Mohegan  Sun  plans  to  test 
was  developed  by  MindPlay  LLC  in 
Bellevue,  Wash.  Pattern-recognition  al¬ 
gorithms  analyze  betting  images  cap¬ 
tured  by  video  cameras  to  determine 
chip  denominations  and  gamblers’  wa¬ 
ger  amounts,  said  MindPlay.  The  data 
collected  from  the  table  is 
sent  to  a  MindPlay  server 
and  can  be  integrated  with  a 
casino’s  player  rating  system. 

The  monitoring  system 
will  not  only  help  Mohegan 
Sun  root  out  players  who  are 
counting  cards  but  also  help 
it  generate  more  accurate 
player  ratings  than  its  current 
approach,  which  relies  on  pit 
managers,  Garrow  said.  More 
accurate  ratings  could  pre¬ 
vent  Mohegan  Sun  from  ex¬ 
tending  more  credit  to  high  rollers 
than  it  needs  to,  thus  saving  the  casino 
money,  he  added. 

If  the  casino  decides  to  roll  out 
MindPlay’s  system  at  all  of  its  black¬ 
jack  tables,  the  total  cost  could  be 
about  $3  million,  Garrow  said.  But 
Wright  said  that  similar  table-surveil¬ 
lance  systems  are  among  the  hottest 
technologies  casinos  are  deploying.  ) 


DANIEL  GARROW 

says  Mohegan  Sun 
will  provide  better 
customer  service 
with  its  AFT  system. 


Soviet  Skills  Draw  R&D  Work 


BY  PATRICK  THIBODEAU 

The  U.S.  IT  industry  is  tapping  into 
the  technological  prowess  of  the  for¬ 
mer  Soviet  Union,  which  is  emerging 
as  a  research  and  development  center 
for  software  and  telecommunications 
companies,  a  recent  report  by  Ab¬ 
erdeen  Group  Inc.  has  found. 

But  the  region’s  software  develop¬ 
ment  skills,  which  can  be  accessed  at  a 
cost  well  below  U.S.  rates,  is  also  ap¬ 
pealing  to  managers  of  non-IT  firms. 
Craig  Maccubbin,  vice  president  of 
technology  at  online  travel  service 
LasVegas.com,  is  one  of  them. 

“Many  [Russian  developers]  are  ex- 
Soviet  military  technologists  and  pro¬ 
grammers,  and  because  of  that,  they 
have  had  classical  training  in  software 
development,”  he  said.  “They  are  so 
disciplined  that  there  is  almost  a  level 
of  inflexibility  to  their  approach.”  But, 
Maccubbin  added,  that  level  of  disci¬ 
pline  also  “helps  the  process  of  work¬ 
ing  with  them  immensely.” 

Boston-based  Aberdeen  found  that 
IT  vendors  are  Russia’s  largest  off¬ 
shore  contingent,  accounting  for  about 
three-fourths  of  all  the  offshore  work 


done  there,  said  analyst  Stephen  Lane, 
who  wrote  the  report. 

IT  companies  are  setting  up  devel¬ 
opment  centers  in  Russia  to  help  build 
a  market  there  and  to  utilize  Russian 
talent  for  high-end  development. 

“What  they  do  have  is  a  culture  that 
is  focused  on  problem-solving  and  fo¬ 
cused  on  using  technology  in  an  innov¬ 
ative  fashion,”  Lane  said.  But  “there  is 
not  a  Russian  company  out  there  that 
can  compete  with  an  Indian  company 
in  terms  of  scale  or  scope,”  he  added. 


Russia  Resources 

PROS 

i  Low  cost 

Disciplined,  skilled  developers 
n  Focus  on  innovative  problem-solving 
■  Talent  for  high-end  development 

Inflexible  culture 
Lack  of  government  investment 


Maccubbin  uses  Epam  Systems  Inc., 
a  services  provider  in  Princeton,  N.J., 
that  has  operations  in  Moscow  and 
Minsk,  Belarus.  He  said  he  relies  on  the 
development  workers  in  Minsk  to  build 
and  maintain  most  of  the  Web  site’s 
back-end  functions.  But  the  customer¬ 
facing  aspects,  such  as  graphic  design 
work  and  other  “defining  characteris¬ 
tics,”  are  handled  in  the  U.S.  “You  can’t 
outsource  that  to  anybody,”  he  said. 
Developers  in  the  U.S.  charge  about 
$38  per  hour,  while  the  Russian  per- 
hour  rate  is  up  to  $20  less,  he  added. 

Bob  Pryor,  who  heads  Cap  Gemini 
Ernst  &  Young’s  outsourcing  services 
in  New  York,  agreed  that  Russia’s 
workers  have  advanced  technological 
skills.  However,  he  said,  the  country 
will  remain  a  small  part  of  the  offshore 
outsourcing  market  because  its  gov¬ 
ernment  isn’t  developing  the  industry. 
“I  don’t  see  any  significant  investment 
for  new  skills  and  capabilities,”  he  said. 

Marc  Herbet,  executive  vice  presi¬ 
dent  of  Sierra  Atlantic  Inc.,  an  applica¬ 
tion  management  company  in  Fremont, 
Calif.,  that  runs  an  offshore  center  in 
India,  said  Russia  may  well  take  off  as 
an  offshore  outsourcing  center  if  Euro¬ 
peans  begin  embracing  offshore  work, 
particularly  because  of  the  proximity.  I 
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Are  you  set  to  save  space 
and  minimize  installation 
and  maintenance  costs 
with  a  modular  manageable, 
pre-engineered  architecture? 


They  Are. 
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“If  I  had  purchased  the  incumbent 
vendors  3-phase  upgrade  model, 

I  would  have  paid  75%  more  in  service 
costs  over  the  next  four  years  and 
I  would  have  had  to  utilize  50%  more 
of  my  precious  floor  space. " 

Captain  Timothy  Riley 

Support  Services  Division 

City  of  Newport  Beach  Police  Department 


Many  IT  professionals  have  switched 
from  an  inflexible  proprietary  system  to 
network  critical  physical  infrastructure. 
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InfraStruXure"1 
is  the  Key  to 
Stronger  NCPI 

by  Russell  Senesac 

InfraStruXure  Product  Manager 


APC  InfraStruXure™  architecture  is  the  industry's 
new  benchmark  for  on-demand  network-critical 
physical  infrastructure  (NCPI).  The  foundation  of  IT 
networks,  NCPI  consists  of  power,  power  distribu¬ 
tion,  racks,  cabling,  cable  distribution,  cooling,  and 
cooling  distribution.  Strong  NCPI  defends  your  IT 
networks  against  security  and  availability  problems. 

Complementing  these  benefits  of  strong  NCPI  is 
InfraStruXure's  open,  adaptable,  integrated  ap¬ 
proach,  which  ensures  optimal  performance  and 
lower  upfront  and  operating  costs.  InfraStruXure 
fully  integrates  power,  cooling,  management  and 
services  within  a  rack-optimized  design. 

Power 

InfraStruXure  architecture  features  rack-optimized, 
intelligent  UPSs  and  power  distribution  units  that 
are  highly  manageable,  modular,  and  pre-engineered 
to  meet  the  demands  of  the  smallest  wiring  closet  to 
the  largest  data  center. 

Cooling 

Cooling  solutions  designed  for  InfraStruXure  are 
extremely  flexible,  fitting  almost  any  data  environment 
as  though  custom-made,  but  without  the  extensive  engi¬ 
neering  that  traditional  cooling  systems  require. 

Management 

InfraStruXure  boasts  the  industry’s  only  fully  integrated 
power  management  solution.  Monitor  the  elements  of 
your  data  center,  understand  how  your  InfraStruXure  is 
performing  and,  when  necessary,  take  action  remotely  to 
ensure  service  levels  are  met — all  from  a  Web  browser  on 
your  desktop  computer.  You’ll  be  able  to  maximize  avail¬ 
ability  through  system-level  proactive  management. 
InfraStruXure  management  solutions  are  easy  to  use  and 
require  little  to  no  training. 

Services 

A  full  menu  of  professional  services,  performed  by 
APC  Global  Services  experts,  supports  your 
InfraStruXure  architecture.  Whether  building  a  new 
installation  or  retrofitting  InfraStruXure  into  your 
existing  IT  environment,  a  range  of  services  is  able  to 
meet  your  specific  needs.  Factory-trained  professionals 
commission  the  elements  of  your  InfraStruXure, 
understand  how  it  is  performing  and,  when  necessary, 
take  action  to  ensure  optimal  service  levels  are  met. 

The  Result 

With  InfraStruXure,  you  get  the  reliability,  afford¬ 
ability  and  predictability  of  standard  solutions,  yet 
completely  customized  for  your  specific  problems. 
As  your  requirements  change,  InfraStruXure  easily 
adapts,  allowing  you  to  build  out  or  scale  back 
capacity  as  it  is  required.  ■ 

FREE  White  Paper  and  Infrastructure™  Brochure 
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Stop  hesitating. 

You've  been  given  the 
green  light  to  ensure  the 
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It  can  make 
your  Web  apps  three 
times  faster. 


Visual  Studio  .NET  can  help  you  with  (nearly)  every  part  of  your  job.  Your  Web  applications  just  got  faster.  ASP.NET,  the 


Web  application  environment  in  Visual  Studio  .NET,  offers  dramatically  improved  performance  over  classic  ASP.  Here’s  how 


B  Compiled  Page  Execution  ASP.NET  pages  are  compiled  once  and  cached  in  memory  instead  of  being  interpreted  each  time 


the  page  is  requested.  B  Rich  Output  Caching  ASP.NET's  caching  features  quickly  retrieve  database  queries,  full  pages  (or  parts 
of  pages),  and  objects  from  memory  for  improved  app  performance.  B  Crash  Protection  Web  applications  can’t  be  fast  if  they’re 


‘Connect  time  fees  may  apply.  The  Nile  Application  Benchmark  is  a  Doculabs/Ziff  Davis  e-commerce  benchmark  that  represents  a  complete,  end-to-end,  e-commerce  application  with  realistic,  heavy  user  loads  placed  on  the  system.  See 
nVsdn.microsoft.com/vstudlo/trylt  for  complete  details.  •£>  2003  Microsoft  Corporation.  All  rights  reserved.  Microsoft.  the-.NET  logo.  Visual  Studio,  the  Visual  Studio  logo,  and  Windows  am  either  registered  trademarks  or  trademarks  of  Microsoft  Corporation  in 
in*: ) f ftt oistat^ahd/or  other  countries.  The  names  of  actual  companies  and  products  mentioned  herein  may  be  the  trademarks  of  their  respective  owners. 


It  can’t  tell  you 
whether  this  is  meatlo 
or  lasagna. 


NILE  BENCHMARK 
8-CPU  PEAK  THROUGHOUT 


down.  Duh.  So  ASP.NET  automatically  detects  and  recovers  from  errors  like  deadlocks  so 
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your  application  is  always  available.  And  now  the  newly  released  Visual  Studio  .NET  2003  is 


here  for  building  and  deploying  even  faster  and  more  stable  applications.  Try  it  now:  log 


on  to  a  fully  featured,  free*  online  hosted  session  and  get 
more  information  at  msdn.microsoft.com/vstudio/tryit 


Microsoft- 

VisualStudio.net 
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Untrustworthy  Computing 


W 


E  ALL  KNEW  IT  was  coming,  didn’t 
we?  There  was  no  surprise  when  the 
Blaster  worm  began  its  Internet  ram¬ 
page  last  week. 


This  latest  crippling 
attack  was  launched 
against  yet  another  secu¬ 
rity  hole  in  Windows.  We 
were  warned  a  month 
ago,  remember?  Right 
around  the  time  Micro¬ 
soft  was  giddily  signing 
a  $90  million  enterprise 
software  deal  with  the 
U.S.  Department  of 
Homeland  Security  (oh, 
the  irony),  it  was  sol¬ 
emnly  warning  that  three 
serious  new  flaws  had  been  discov¬ 
ered  in  Windows. 

One  of  those  babies  was  destined 
to  be  exploited  by  the  now-infamous 
Blaster  (a.k.a.  Lovsan),  a  pernicious 
self-propagating  worm  that  has  in¬ 
fected  more  than  100,000  systems 
worldwide.  Homes  and  businesses 
alike  have  been  hit,  their  computers 
repeatedly  shutting  down.  The  wave 
of  massive  inconvenience  and  frus¬ 
tration  has  gotten  TV,  radio  and 
newspaper  coverage  everywhere. 
Another  black  eye  —  not  just  for  Mi¬ 
crosoft,  but  for  the  technology  indus¬ 
try,  too.  When  it’s  not  spam  clogging 
your  e-mail,  it’s  a  barrage  of  viruses 
and  worms  disabling  your  PC. 

The  cure  was  almost  as  bad  as  the 
disease.  Updated  virus  protection 
definitions  (a  bit  sluggish  in  making 
their  appearance  from  the  major  se¬ 
curity  vendors)  had  to  be  down¬ 
loaded  and  installed  in  a  global  IT 
fire  drill.  Since  all  versions  of  Win¬ 
dows  XP,  2000,  NT  4  and  Windows 
Server  2003  carry  this  flaw,  they  also 
had  to  be  patched  ASAP.  Did  your 
IT  department  have  better  things  to 
do  last  week?  Tough  luck,  huh? 

“The  thing  about  patching  is  that 
it  is  so  darn  reactive.  And  that  can 
kill  you,”  Dave  Jahne,  a  senior  secu¬ 
rity  analyst  at  Banner  Health  System 
in  Phoenix,  told  our  reporter  [Quick- 
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Link  40608].  “You  need 
to  literally  drop  every¬ 
thing  else  to  go  take  care 
of  patching.” 

Even  worse  —  as  if 
things  could  be  —  is  that 
the  Microsoft  patches 
aren’t  even  considered 
trustworthy  enough  to 
roll  into  a  production  en¬ 
vironment  without  addi¬ 
tional  quality  testing.  In 
Arlington  County,  Va., 
for  example,  the  IT  staff 
ran  into  deployment  problems  last 
week  while  using  Windows  Update 
server  technology  and  switched  to 
Novell’s  ZENworks  so  that  staffers 
could  automatically  distribute  the 
necessary  patches,  said  Vivek  Kun- 
dra,  director  of  infrastructure  tech¬ 
nologies. 

Among  the  many  IT  professionals 
watching  this  wormy  nightmare  un¬ 
fold  was  Carl  Ness,  distributed  in¬ 
formation  systems  coordinator  at 
Clarke  College  in  Dubuque,  Iowa. 

He  e-mailed  me  with  a  straightfor¬ 


ward  but  difficult  question:  Why? 

“Why  aren’t  people,  especially  at 
the  chief  executive  level,  asking: 
‘Why  are  we  still  using  this  stuff?’  ” 
Ness  wanted  to  know.  “If  these 
problems  were  at  this  level  for  any 
other  operating  system,  executives 
would  have  demanded  that  it  be 
ripped  out  and  replaced.” 

A  longtime  Novell  and  Unix  user, 
Ness  has  33  servers  in  production  at 
the  1,200-student  college,  and  only 
half  a  dozen  of  those  run  Windows. 
Yet  he  finds  it  maddening  that  dis¬ 
ruptions  like  the  Blaster  worm  are 
becoming  business  as  usual.  “We 
should  not  accept  the  phrase,  ‘Well, 
it’s  Microsoft,  we  just  have  to  put  up 
with  it,’  ”  Ness  said,  contending  that 
IT  pros  need  to  push  their  managers 
harder  to  consider  alternatives  to 
Microsoft.  Where  is  the  tipping 
point  for  your  company?  How  much 
more  business  disruption  can  you 
sustain? 

Even  the  little  snot  who  launched 
the  Blaster  worm  zeroed  in  on  Mi¬ 
crosoft’s  software  quality  failings 
with  this  message  embedded  in  the 
code:  “billy  gates  why  do  you  make 
this  possible?  Stop  making  money 
and  fix  your  software.” 

That  might  be  the  answer  —  if 
only  he  could.  I 


wwwrjklossner. com 


PIMM  FOX 

Rxfor 

Integration 

LIKE  AN  off-the-rack  suit, 
hugely  integrated,  tight¬ 
ly  coupled  application 
suites  give  you  little  room  for 

customization  or  extension. 

The  problem  with  business  process 
integration,  as  adroitly  described  by 
Greg  Grosh,  founder  and  vice  president 
of  Data  Junction  Corp.  in  Austin,  is  that 
you  can’t  connect  your  mighty  applica¬ 
tion  to,  say,  a  customer’s  SAP  system, 
because  each  installation  is  unique  and 
requires  discrete  connectors. 

This  condition  is  forcing  a  re-evalua¬ 
tion  of  business-process  integration. 

It’s  no  longer  a  consultant-led,  money¬ 
draining  cornucopia  of  solutions  de¬ 
signed  to  satisfy  every  possible  sce¬ 
nario. 

Sorry,  there’s  no 
one-size-fits-all  sil¬ 
ver  bullet.  Instead, 
you  have  to  opt  for 
more  flexible  and  or¬ 
ganic  solutions  that 
don’t  require  a  com¬ 
plete  reworking  of 
your  core  data  or  ap¬ 
plications.  Integra¬ 
tion  tools  that  work 
at  the  edge  of  your 
IT  organization  solv¬ 
ing  real  problems  (without  the  atten¬ 
tion  of  high-cost  IT  coders)  are  the  or¬ 
der  of  day. 

Here  are  some  reasons  why. 

First,  you  can’t  afford  to  hire  a  passel 
of  IT  consultants  to  camp  out  in  your 
offices  while  your  workforce  clamors 
for  a  basic  fix  to  let  one  application 
connect  to  another. 

“Business-process  integration  should 
be  straightforward,”  says  Grosh.  “It’s 
having  two  different  apps  or  processes 
that  you  want  to  act  as  one.”  And  you 
can’t  afford  to  wait  until  the  vendor 
gets  around  to  developing  the  perfect 
integration  package. 

Second,  stop  the  abstractions,  those 
layers  of  access  for  programmers.  You 
shouldn’t  face  a  new  application  pro¬ 
gramming  interface  every  time  you 
want  to  do  something  small.  There’s 
no  need  to  accept  the  burden  of  drilling 
down  into  —  and  then  adding  onto  — 
the  heart  of  your  IT  operation  in  order 
to  align  one  application  with  another. 

Third,  there  is  change  and  failure. 
Any  worthwhile  integration  solution 
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recognizes  the  necessity  of  changes  to 
the  IT  environment  on  at  least  one 
side;  you,  your  partner  or  your  cus¬ 
tomer  will  change  something  in  an  ap¬ 
plication.  Your  integration  strategy 
must  incorporate  the  costs  for  quick 
implementation  of  changes  or  for  fixes 
of  broken  connections. 

“People  in  accounts  payable  should 
be  able  to  work  with  integration  tools 
to  make  changes  to  a  [purchase  order],” 
Grosh  claims.  “You  shouldn’t  have  to 
hire  a  $400-an-hour  consultant.” 

A  hint  for  considering  a  vendor:  Ask 
where  its  revenue  comes  from  —  soft¬ 
ware  sales  or  service?  That  tells  you 
where  your  money  will  go. 

Integration  tools  need  to  be  simple, 
leave  small  footprints  and  operate  on 
multiple  systems  without  reconfigura¬ 
tion  —  that’s  something  everyone  can 
appreciate.  I 

MICHAEL  GARTENBERG 

Mac  Myths 
And  IT 

IF  YOURS  IS  LIKE  most  IT 
departments,  you  proba¬ 
bly  aren’t  deploying  Mac¬ 
intosh  systems  in  large  num¬ 
bers.  And  if  you’re  deploying 

them  at  all,  you’re  doing  so  in  niche 
spaces  such  as  graphic  arts,  multi- 
media  and  publishing. 

But  the  truth  is  that  Mac  OS  has 
changed  quite  a  bit  in  the  past  few 
years,  and  today’s  Apple  systems  offer 
a  reasonable  alternative  to  Wintel  sys¬ 
tems  for  many  mainstream  uses  and 
are  often  best-of-breed  tools  for  tasks 
such  as  desktop  publishing,  multime¬ 
dia  and  other  content  creation.  OS  X, 
code-named  Jaguar,  and  the  recently 
announced  successor  called  Panther 
are  rock-solid  Unix  at  the  core,  with 
Apple’s  elegant  user  interface  on  top. 
But  if  you  plan  on  deploying  them, 
you’ll  need  to  overcome  your  precon¬ 
ceptions  regarding  three  myths  about 
the  Mac  that  still  linger. 

The  first  myth  is  that  Apple  comput¬ 
ers  are  expensive  relative  to  their  PC 
cousins.  Though  Apple  is  certainly  not 
a  discount  brand  and  will  almost  never 
offer  the  cheapest  computers  available, 
Macs  are  certainly  price-competitive 
with  PCs.  Users  do  pay  some  premium 
for  both  the  Apple  brand  and  the  inno¬ 
vation  that  goes  into  the  company’s  of¬ 
ten  brilliant  hardware  design,  but  the 
premium  isn’t  out  of  line  with  what 
users  already  pay  for  name-brand  sys¬ 


tems  from  vendors  such  as 
Sony,  Hewlett-Packard  or 
IBM.  In  many  cases,  compa¬ 
rable  Apple  systems  are 
priced  similarly,  and  in  some 
cases  they’re  even  cheaper 
than  the  competition. 

The  second  myth  is  that 
there’s  a  lack  of  software 
available.  Although  OS  X 
doesn’t  offer  the  sheer  num¬ 
ber  of  titles  that  Windows 
offers,  there’s  an  abundance 
of  business  software  for  the 
Macintosh.  In  some  mar¬ 
kets,  such  as  content  cre¬ 
ation,  there’s  actually  more 
software  available  for  the  Mac.  In  addi¬ 
tion,  Microsoft  offers  a  complete  and 
compatible  version  of  Office  for  the 
Macintosh,  so  knowledge  workers  can 
easily  share  documents  and  communi¬ 
cate  with  colleagues  across  operating 
systems.  Apple’s  support  of  Web-based 
Internet  standards  means  most  Inter- 


net-based  applications 
will  simply  run  without 
modification.  The  occa¬ 
sional  lack  of  a  specific  ap¬ 
plication  might  hold  back 
some  deployments,  but 
most  organizations  will 
never  hit  that  wall. 

The  third  myth  is  that 
Apple  architectures  are 
based  on  proprietary  pro¬ 
tocols.  Though  that  was 
certainly  true  in  the  past, 
it  isn’t  an  accurate  portray¬ 
al  of  Apple  today.  Now, 

Mac  OS  is  one  of  the  most 
standards-driven  operat¬ 
ing  systems  you  can  purchase.  From 
MPEG  4  support  in  QuickTime  to  full 
TCP/IP  support  for  networking  and 
Wi-Fi  protocols  for  wireless  access, 
Macs  are  a  seamless  fit  for  most  orga¬ 
nizations’  infrastructure.  (Apple  was 
actually  the  first  operating  system  ven¬ 
dor  to  bundle  TCP/IP  support  into  a 


commercial  operating  system.) 

Does  this  mean  Mac  OS  is  right  for 
your  organization?  Not  necessarily.  But 
it  does  mean  your  organization  has 
more  viable  choices  for  desktop  sys¬ 
tems  than  you  might  have  thought. 
Certainly,  deploying  Mac  OS  in  areas 
that  depend  heavily  on  content  cre¬ 
ation  makes  good  sense,  but  there  are 
probably  other  places  that  could  bene¬ 
fit  as  well.  Most  IT  departments 
lament  the  lack  of  choice  among  desk¬ 
top  operating  systems.  The  truth  is 
that  there  are  choices  out  there,  and  vi¬ 
able  ones  at  that.  IT  departments  that 
can  overcome  their  traditional  preju¬ 
dices  against  Apple  may  well  discover 
that  there’s  a  new  PowerBook  or  G5  in 
their  future,  and  once  they  do,  they 
may  never  go  back  to  Windows.  I 

WANT  OUR  OPINION? 

OMore  columnists  and  links  to  archives  of  previous 
columns  are  on  our  Web  site: 
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Outsourcing  Angst 

Does  this  GET  your  blood  boil¬ 
ing  like  it  does  mine  [“Gartner 
Says  5%  of  Corporate  IT  Jobs 
Could  Go  Offshore  by  2005,”  Quick- 
Link  40344]?  I  see  the  accelerating 
trend  of  outsourcing  American  jobs 
as  shortsighted,  displacing  not  only 
today's  job  but  tomorrow’s  as  well, 
all  to  reduce  corporate  expenditures 
so  that  management  can  line  their 
pockets  today. 

Olan  Knight 

Senior  programmer/analyst, 
Dallas 


Labor  on  the  Cheap 

N  HER  LETTER  Of  July  21 

[QuickLink  39592],  Linda  Kil- 
crease  asks,  “Why  not  instead  hire 
the  hundreds  of  thousands  of 
skilled,  permanently  laid-off  U.S. 
workers  who  have  lost  their  jobs 
because  of  the  H-1B  and  L-1  visas, 
and  really  benefit  the  U.S.?”  The 
first  thing  to  point  out  is  that  H-1B 
and  L-1  visa  holders  pay  U.S.  taxes 
just  as  U.S.  citizens  do,  so  where  is 
the  benefit  to  the  U.S.? 

The  statement  that  cheap  labor 
is  the  only  reason  to  want  foreign 
workers  in  the  U.S.  is  flawed.  There 
is  another  very  good  reason  to  do 
this:  better  and  more  appropriate 
skills.  I  have  lived  and  worked  in  the 
U.S.  for  six  years  now,  and  I  have  all 


too  often  encountered  the  “not  my 
job”  mentality  in  the  IT  arena.  There 
is  also  a  reluctance  to  take  any  ini¬ 
tiative.  I  don’t  place  all  the  blame  for 
this  on  the  workforce:  a  manage¬ 
ment  ethos  of  wanting  to  point  fin¬ 
gers  and  apportion  blame  is  far  too 
prevalent  in  many  U.S.  businesses, 
and  this  naturally  results  in  overly 
cautious  staff.  Don’t  blame  over¬ 
seas  workers  for  taking  advantage 
of  the  chances  that  come  their  way. 
I,  for  one,  am  actually  earning  less 
here  in  the  U.S.  than  I  could  in  other 
countries,  but  I  choose  to  live  here. 
Whereas  I  don't  necessarily  consid¬ 
er  myself  cheap  labor,  I  do  agree 
that  I  am  worth  a  lot  more  than  I  am 
being  paid.  But  who  doesn’t? 

Kevin  E.  Ferguson 
Lead  system  programmer, 
American  National  Insurance 
Co.,  Galveston,  Texas 


Unsettled  Law 

COLUMNIST  Ari  Kaplan  has 
some  good  points,  but  he 
writes  as  if  matters  concerning  P2P 
file  sharing  are  fully  settled  [“Shar¬ 
ing  Is  Nice,  but  It’s  Also  a  Crime,” 
QuickLink  40217],  Many  of  these 
new  laws  will  have  to  be  confirmed 
by  the  courts,  and  they  will  certainly 
be  challenged  on  the  basis  of  un¬ 
constitutional  limitations  to  “fair 
use."  And  they  may  very  well  result 
in  the  correction  of  both  patent  and 


copyright  law  to  drastically  shorten 
the  time  limits  and  even  to  limit 
patents  and  copyrights  to  the  origi¬ 
nal  human  creator.  The  idea  of 
patents  and  copyrights  is  to  give 
the  originator  adequate  time  to  de¬ 
velop  and  market  a  product  before 
it  enters  the  public  domain,  but  the 
time  needed  to  do  this  has  been 
drastically  shortened  by  technolo¬ 
gy.  It  follows  that  the  time  period  for 
both  copyrights  and  patents  should 
also  be  drastically  shortened. 
Charles  J.  Lingo 
Ponchatoula,  La. 


Shaky  Driver 

AS  A  POINT  OF  INTEREST,  it 

should  be  noted  that  Micro¬ 
soft's  iSCSI  Driver  1.0  doesn’t  sup¬ 
port  dynamic  volumes  under  Win¬ 
dows  2000  or  2003  [QuickLink 
39646],  So  while  it  will  allow  ac¬ 
cess  to  basic  volumes,  these  can’t 
be  expanded  without  destroying  the 
partition,  since  creating  a  volume 
set  is  a  dynamic  disk  feature.  This 
means  its  usefulness  is  limited, 
though  the  product  documentation 
indicates  that  this  problem  will  be 
fixed  in  future  releases. 

It  should  also  be  noted  that 
testing  of  this  driver  during  a  re¬ 
cent  iSCSI  technology  evaluation 
showed  it  to  have  questionable  sta¬ 
bility  in  a  clean  build  environment 
compared  with  alternate  iSCSI  ac¬ 


cess  methods.  As  with  any  Version 
1.0  software,  my  advice  would  be  to 
tread  warily. 

Mark  Mulholland 
Senior  systems  consultant. 
Eagle  Technology  Group, 
Auckland,  New  Zealand, 
mark.mulholland@eagle.co.nz 


Patch  Cycle 

Hey,  you  all  got  what  you 
wanted  [“Latest  Vulnerability 
Includes  Windows  Server  2003," 
QuickLink  39988].  You  wanted  Mi¬ 
crosoft  over  Novell,  and  now  you’ve 
got  it.  I  sat  back  and  watched  and 
shook  my  head. 

Oops,  time  for  you  to  add  anoth¬ 
er  patch  and  reboot!  Hurry! 

Robert  J.  Ostman  Sr. 

Systems  engineer,  Severn,  Md., 
rostman@qis.net 
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The  Power  to  Know. 


customers.  So  you’ll  understand  their  needs,  enhance 
their  lifetime  value  and  achieve  greater  competitive 
advantage.  To  find  out  how  leading  companies  are 
reaping  the  rewards  of  SAS  customer  intelligence 
software,  call  1  866  270  5723  or  visit  our  Web  site. 


Corralling  Security  Data 

As  security  devices  proliferate,  admin¬ 
istrators  face  the  daunting  task  of 
collecting  and  correlating  data  from 
disparate  sources.  Vendors  offer  tools 
that  can  help,  but  customization  and 
scripting  are  still  difficult.  Page  28 


FUTURE  WATCH 

New  Spin  for  Electronics 

IBM’s  spintronics  technology  has 
already  increased  disk  drive  capaci¬ 
ties.  A  planned  semiconductor  im¬ 
plementation  may  blur  the  line  be¬ 
tween  storage  and  memory.  Page  30 


RFID  Tunes  Into 
Supply  Chains 


Outlook:  Retailers  and  their  suppliers  are 
testing  radio  frequency  identification 
tags,  but  production  apps  and  mature 

software  are  still  years  off.  By  Carol  Sliwa 


EMERGING^' 

TECHNOLOGIES 


EVERYONE  IN 

the  retail  indus¬ 
try  stopped  and 
took  notice 
when  Wal-Mart  Stores  Inc.  declared 
in  June  that  it  will  urge  its  top  100 
suppliers  to  deliver  pallets  and  cases 
equipped  with  radio  frequency  identi¬ 
fication  (RFID)  tags  by  2005.  Any  di¬ 
rective  issued  by  the  world’s  largest 
retailer  has  the  potential  to  drive 
sweeping  adoption,  and  this  particu¬ 
lar  one  could  spell  major  changes  for 
supply  chain  management. 

Wal-Mart  thinks  that  the  nascent 
technology,  which  can  automatically 
identify  a  container’s  contents  with¬ 
out  requiring  line-of-sight  scanners, 
can  help  to  reduce  the  costs  associat¬ 
ed  with  tracking  inventory. 

Given  that  Wal-Mart  moved  2.5  bil¬ 
lion  cases  through  its  distribution 
centers  during  one  six-month  period 
last  year,  it’s  not  hard  to  imagine  the 
savings  that  the  company  might  real¬ 
ize  by  reducing  the  time  and  labor 
associated  with  inventory  tracking. 

One  of  the  chief  suppliers  to  the  re¬ 
tail  industry,  Procter  &  Gamble  Co., 


Glossary 

RADIO  FREQUENCY  IDENTIFICA¬ 
TION:  A  method  of  identifying  unique 
items  using  radio  waves.  While  lasers 
must  see  a  bar  code  to  read  it,  radio 
waves  don't  require  line  of  sight  and 
can  pass  through  materials  such  as 
cardboard  and  plastic. 

TRANSPONDER:  A  radio  transmitter/ 
receiver  that’s  activated  when  it  re¬ 
ceives  a  predetermined  signal.  RFID 
tags  are  sometimes  referred  to  as 
transponders. 

PASSIVE  TAG:  An  RFID  tag  that 
doesn’t  use  a  battery.  The  tag  draws 
energy  from  an  electromagnetic  field 
created  by  the  reader. 


READER:  A  device  that  communi¬ 
cates  with  the  RFID  tag  and  passes 
digital  information  to  a  computer. 


has  another  angle.  The  Cincinnati- 
based  company  estimates  that  10%  to 
16%  of  its  products  may  be  out  of 
stock  at  any  moment.  Reducing  that 
number  by  even  10%  or  20%  could 
mean  a  revenue  boost  of  between  1% 


and  3%,  says  Larry  Kellam,  director  of 
business-to-business  supply  network 
innovation  at  the  consumer  goods 
maker.  With  over  $40  billion  in  annu¬ 
al  revenue,  that  would  translate  to 
more  than  $400  million  in  new  rev¬ 
enue. 

But  neither  suppliers  nor  retailers 
will  realize  much  benefit  until  the 
technology  overcomes  a  series  of 
technical  and  engineering  hurdles. 

For  instance,  the  tags  need  to  come 
down  in  price.  To  do  that,  manufac¬ 
turers  need  orders  for  billions  of  tags, 
and  they  need  to  improve  their  manu¬ 
facturing  processes  to  support  those 
volumes. 

Tag  readers  also  need  to  improve  in 
both  performance  and  price.  In  addi¬ 
tion,  the  software  infrastructure  to 
handle  RFID  tag  data  must  advance 
past  the  work-in-progress  stage,  and 
standards  need  to  be  established  to 
enable  different  vendors’  tags  and 
readers  to  work  together  using  a  wide 
range  of  radio  frequencies. 

“It’s  one  of  the  most  overhyped 
technologies  that  we’re  talking  about 
today,”  says  Jeff  Woods,  an  analyst  at 
Stamford,  Conn.-based  Gartner  Inc. 
“It’s  going  to  require  a  lot  of  creative 
thinking  and  hard  work  to  get  from 
vision  to  reality.” 


RFID  RESOURCE  GUIDE 

For  more  on  RFID  technology  and  a  list  of  product 
vendors,  visit  our  Web  site: 

OQuickLink  a3530 

www.computerworld.com 


SECURITY  MANAGER’S  JOURNAL 

Faulty  Rules  Foul 
Router  Protection 

Here’s  how  an  administrator’s  simple, 
time-saving  step  ended  up  voiding  a 
router  rule  —  and  left  a  corporate  LAN 
open  to  denial-of-service  attacks.  Page  32 


This  RFID  tag,  from  Rafsec  Oy  in  Tam¬ 
pere,  Finland,  contains  a  chip  (the 


small  black  square)  and  a  coiled  anten¬ 
na  that  are  connected  by  a  bridge.  The 
tag  is  about  the  size  of  a  credit  card. 


Tags  Get  Cheaper 

AN  RFID  TAG,  also  known  as  a  transpon¬ 
der,  contains  an  antenna  and  a  micro¬ 
chip  that  transmits  information  about 
the  tagged  item  to  a  reader.  The  tag 
reader  then  converts  the  radio  waves 
returned  from  the  tag  into  a  digital 
form  that  can  be  passed  to  computer 
systems. 

The  technology  has  been  used  for 
years  to  track  animals,  collect  tolls  on 
highways  and  grant  access  to  buildings. 
But  cost  has  kept  RFID  tags  from  being 
used  on  a  large  scale  to  identify  and 
track  goods  in  the  retail  supply  chain. 

P&G’s  Larry  Kellam  says  tags  were  a 
dollar  apiece  in  1999  when  the  compa¬ 
ny  began  looking  at  RFID  technology 
to  curb  counterfeiting  and  retail  theft 
and  reduce  out-of-stock  situations.  So 
P&G  joined  The  Gillette  Co.  and  Uni¬ 
form  Code  Council  Inc.  as  founding 
sponsors  of  the  Auto-ID  Center,  an  in¬ 
dustry-funded  research  project  at  MIT. 

One  of  the  Auto-ID  Center’s  chief 
missions  has  been  to  find  a  way  to  re¬ 
duce  the  cost  of  RFID  tags.  The  center 
recommends  the  use  of  passive  tags 
containing  a  limited  amount  of  infor¬ 
mation,  because  chips  with  less  memo¬ 
ry  are  cheaper.  Passive  tags  draw  pow¬ 
er  from  electromagnetic  waves  that 

Continued  on  page  26 


PHOTO  COURTESY  OF  RAFSEC 


iBM  recommends  Microsoft®  Windows®  XP  Professional  for  Business. 
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change  v.  i:f  ■■  •tier  prices  may  vary.  Public  access  not  available  in  all  areas.  Access  fees  may  apply.  ’Requires  download  of  client  software.  ’Based  on  IEEE  802.1 1  b.  This  wireless  LAN  product  has  been  designed  to  permit  legal  operation  worldwide  in  regions  in  which  it  is  approved.  Operation 

on  ctianm  •  .  •  •  r.errnitted  in  all  regulatory  regions  of  the  world.  Consequently,  the  wireless  LAN  feature  is  limited  to  operate  on  channels  1-11  and  will  not  support  channels  12, 13  and  14.  This  product  has  been  tested  and  certified  to  be  interoperable  by  the  Wireless  Ethernet  Compatibility 
Alliance  an.  ,r  •-..:•  nr  car  '-  me  Wi-Fi  logo.  ‘For  ThinkPad  and  NetVista  models  without  a  separate  video  card,  memory  supports  both  system  and  video.  Accessible  system  memory  may  be  up  to  64MB  less  than  the  amount  stated,  depending  on  video  mode.  SGB  =  1,000,000.000  bytes  when 
referring  to  st  ,  Accessible  capacity  is  less,  up  to  3GB  is  used  in  service  partition.  ‘These  model  numbers  achieved  eTesting  Labs,  Inc.'s  BatteryMark™  4.0.1  or  the  Ziff  Davis  Media,  Inc.’s  Business  Winstone®  2002  BatteryMark  Version  1 ,0  Battery  Rundown  Time  of  at  least  the  time  shown. 

This  test  was  .  v  tnout  .uiapendent  verification  by  the  VeriTest  testing  division  of  Lionbridge  Technologies,  Inc.  ("VeriTest")  or  Ziff  Davis  Media,  Inc.;  neither  Ziff  Davis  Media,  Inc.,  nor  VeriTest  makes  any  representations  or  warranties  as  to  these  test  results.  Winstone  is  a  registered  trademark 

and  BatteryMu  cc  rart  ,4  Zifl  Davis  Publishing  Holdings,  Inc.,  in  the  U.S.  and  other  countries.  A  description  of  the  environment  under  which  the  test  was  performed  is  available  at  ibm.com/pc/wwAhinkpad/batterylife  Battery  life  (and  recharge  times)  will  vary  based  on  many  factors  including 

screen  brightnes  .  . 1 '  asons  features,  power  management,  battery  conditioning  and  other  customer  preferences.  ’Includes  battery  and  optional  travel  bezel  instead  of  standard  optical  drive  in  Ultrabay  bay,  if  applicable;  weight  may  vary  due  to  vendor  components,  manufacturing  process  and  options. 
Thinness  may  vi  .  points  on  the  system.  ’Some  software  may  differ  from  its  retail  version  (if  available)  and  may  not  include  user  manuals  or  all  program  functionality.  Software  license  agreements  may  apply.  Telephone  support  may  be  subject  to  additional  charges.  If  a  machine  is  listed  as 
having  “Onsite  serv  c  •  select :  . ".airs  '  or  “Limited  onsite  service,"  this  means  that  onsite  service  is  available  only  for  the  replacement  of  select  parts.  For  all  other  warranty  repairs,  IBM  will  provide  the  customer  a  replacement  part  for  customer  installation.  The  parts  for  which  onsite  service  is  available 
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NEW!  IBM  ThinkPad  T40 

Distinctive  IBM  Innovations: 

•  Access  Connections  -  easiest  wired  and 
wireless  connectivity 

•  IBM  Embedded  Security  Subsystem  2.0? 

System  Features: 


Take  off  to  parts  unknown  with  an  IBM  ThinkPad®  wireless  notebook. 
The  world’s  easiest  way  to  switch  between  wired  and  wireless. 


Wherever  you  want  to  work,  the  sky  is  the  limit  when  you  have  IBM  ThinkPad 
notebooks  with  Access  Connections  software  and  wireless  Intel®  Centrino™  mobile 
technology  (on  select  models).  Now  it’s  easier  than  ever  to  switch  between  wired  and 
wireless  networks  —  whether  you’re  at  an  airport,  the  office,  an  Internet  cafe,  even 
your  kitchen.1  So  consider  the  IBM  ThinkPad  wireless  notebook,  and  experience  a 
whole  new  level  of  wireless  possibilities,  thiflk  frGOdOtTI 


1  866  426-1038  I  ibm.com/shop/m529 

Save  on  shipping.  Order  online.11 


•  Intel®  Centrino™  mobile  technology 

-  Intel"  Pentium  M  processor  1.3GHz  supports 
Enhanced  Intel  SpeedStep®  technology®' 

-  Intel®  PRO/Wireless  Network 
Connection  802.11b' 

•14.1"  XGA  TFT  Display  (1 024x768) 

•  256MB  DDR  SDRAM  std/2GB  max’ : 

•  30GB  hard  drive5 

•  Ultrabay™  Slim  DVD-ROM 

•  6.1-hr  battery  life6  •  5.6-lb  travel  weight' 

•  Microsoft  Windows®  XP  Professional5 

•  1-yr  system/battery  limited  warranty9 

*1,599* 

■  NavCode  2378D2U-M529 

ServicePac®  Service  Upgrade:50 
3-yr  Onsite  Repair/9x5/Next  Business 
Day  Response 
(#30L9195)  $243 

NEW!  IBM  ThinkPad  R40 

Distinctive  IBM  Innovations: 

•  Access  Connections  -  easiest  wired  and 
wireless  connectivity 

•  IBM  Embedded  Security  Subsystem  2.0' 

System  Features: 

•  Intel'  Centrino™  mobile  technology 

-  Intel  Pentium  M  processor  1.3GHz  supports 
Enhanced  Intel  SpeedStep  technology1' 

-  Intel  PRO/Wireless  Network 

Connection  802.11b3  -r 

•14.1  XGA  TFT  Display  (1024x768) 

•  256MB  DDR  SDRAM  std/IGB  max 

•  20GB  hard  drive 

•  Ultrabay  Plus  CD-RW/DVD-ROM  combo  drive 

•  6.1-hr  battery  life  •  5.6-lb  travel  weight 

•  Microsoft'  Windows  XP  Professional 

•  1-yr  system/battery  limited  warranty 

*1 ,399* 

IS  NavCode  289723U-M529 

ServjeePac'  Service  Upgrade:' 

2-yr  Onsite  Repair/9x5/Next  Business 
Day  Response 
(#30L9T89)  *197.  v/ 


varies  by  machine,  but  may  include  the  processor,  power  supply,  heat  sink,  system  board  or  base  cover.  To  determine  the  complete  list  of  parts  for  which  onsite  service  is  available  for  a  particular  machine,  contact  IBM.  IBM  will  attempt  to  diagnose  and  resolve  any  problems  remotely  before  sending 
a  replacement  part  or  technician.’These  services  are  available  for  machines  normally  used  for  business,  professional  or  trade  purposes,  rather  than  personal,  family  or  household  purposes.  Not  all  machine  types  and  models  are  covered  Service  period  begins  with  the  equipment  date  of  purchase. 
Service  must  be  purchased  during  the  original  limited  product  warranty  period.  Service  levels  are  response-time  objectives  and  are  not  guarantees.  A  service  technician  is  scheduled  to  arrive  at  your  location  within  two  or  four  business  hours  or  the  next  business  day  (depending  on  service)  after  remote 
problem  determination  is  completed.  For  the  9x5x4-hour  service,  calls  dispatched  after  1 :00  p.m.  local  time,  you  can  expect  the  service  technician  to  arrive  by  the  morning  of  the  next  business  day.  For  noncritical  service  requests,  a  service  technician  will  arrive  by  the  end  of  the  following  business  day 
If  the  machine  problem  turns  out  to  be  a  Customer  Replaceable  Unit  (CRU),  IBM  will  express  ship  the  part  to  you  for  quick  replacement.  Onsite  24x7x2-hour  service  is  not  available  in  all  locations.  External  peripherals,  such  as  lacks  tape  drives  and  channel  controllers,  require  their  own.  separate  service 
coverage;  they  are  not  covered  under  the  attached  Machine.  Service  activation  is  required  immediately  following  purchase.  For  ThinkPad  notebooks  requiring  LCD  or  other  component  replacement,  IBM  may  choose  to  perform  service  at  the  depot  repair  center.  For  failing  non-IBM  components,  customer 
must  provide  replacement  part  unless  IBM  has  a  Technical  Support  Agreement  with  the  manufacturer.  Service  does  not  cover  accessories,  supply  items  and  certain  parts  such  as  batteries,  frames  and  covers. "Standard  shipping  included  when  you  order  online.  U  S.  only  With  Intel  SpeedStep,  processor 
speed  may  be  reduced  to  conserve  battery  power.  IBM  reserves  the  right  to  alter  product  offerings  and  specifications  at  any  time,  without  notice.  IBM  is  not  responsible  for  photographic  or  typographic  errors.  All  IBM  product  names  are  registered  trademarks  or  trademarks  of  International  Business 
Machines  Corporation  in  the  U.S.  and  other  countries.  Lotus  and  SmartSuite  are  registered  trademarks  of  Lotus  Development  Corporation,  an  IBM  Company.  Intel,  Intel  Inside,  the  Intel  Inside  logo,  Celeron,  Intel  Centrino,  the  Intel  Centrino  logo  and  Pentium  are  trademarks  or  registered  trademarks  of 
Intel  Corporation  or  its  subsidiaries  in  the  U.S.  and  other  countries.  Microsoft  and  Windows  are  trademarks  or  registered  trademarks  of  Microsoft  Corporation.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks  of  others.  ©  2003  IBM  Corp,  All  rights  reserved 
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Continued  from  page  23 
the  tag’s  readers  generate,  whereas 
more  expensive  battery-powered 
active  tags  broadcast  signals. 

The  Auto-ID  Center’s  researchers 
also  realized  that  the  tag’s  silicon  chips 
would  need  to  be  smaller  to  lower  the 
cost.  But  reducing  the  size  of  the  chips 
isn’t  easy,  since  robots  have  trouble 
handling  chips  that  are  the  size  of 
pieces  of  glitter,  notes  Kevin  Ashton, 
executive  director  of  the  Auto-ID  Cen¬ 
ter,  who  is  on  loan  from  P&G. 

Alien  Technology  Corp.  in  Morgan 
Hill,  Calif.,  an  Auto-ID  Center  sponsor, 
is  at  the  forefront  of  a  new  chip-pack¬ 
aging  process  called  fluidic  self-assem¬ 
bly  that  it  hopes  will  reduce  the  cost  of 
passive  tags  from  50  cents  in  small 
quantities  today  to  5  cents  at  a  volume 
of  10  billion  by  2006,  says  Tom  Pounds, 
vice  president  of  corporate  develop¬ 
ment  and  product  strategy.  An  Alien 
manufacturing  line  capable  of  produc¬ 
ing  a  billion  units  annually  will  go  on¬ 
line  early  next  year,  and  a  second  man¬ 
ufacturing  line  capable  of  producing  10 
billion  units  per  year  is  planned  for 
2005,  Pounds  says. 

Gillette  made  waves  earlier  this  year 
when  it  negotiated  a  deal  with  Alien  to 
purchase  up  to  500  million  tags.  Com¬ 
pany  spokesman  Paul  Fox  says  Gillette 
will  achieve  its  goal  of  a  sub-10-cent 
tag  for  field  tests  over  the  next  few 
years,  although  Gartner’s  Jeff  Woods 
says  he  thinks  Alien  is  losing  money 
on  that  deal. 

Even  though  Gillette  is  doing  pilots 
with  European  retailers  on  individual 
items,  the  company  doesn’t  foresee 
item-level  tagging  in  production  for  at 
least  10  years,  according  to  Fox.  For 
that  to  happen,  per-tag  costs  must 
drop  to  a  penny  or  less,  he  says. 

Both  Wal-Mart  and  Gillette  have  de¬ 
cided  to  focus  on  pallets  and  cases. 

The  Bentonville,  Ark.-based  retailer 
this  spring  scrapped  plans  for  a  store 
trial  with  Gillette.  Wal-Mart  spokes¬ 
man  Tom  Williams  says  item-level 
RFID  is  years  away  for  the  retailer. 

Those  testing  the  technology  are  en¬ 
countering  challenges  at  the  pallet  and 
case  level.  Woods  says  some  users  are 
experiencing  read  rates  of  less  than 
80%  with  tags.  Wal-Mart  found  radio¬ 
wave  interference  problems  in  field 
tests  of  500  pallets  of  paper  towels. 

And  metal  and  liquids  don’t  mix 
well  with  radio  waves.  That  meant  that 
P&G  had  to  test  different  tags,  since 
Bounty  towels  have  different  proper¬ 
ties  than  Pantene  shampoo. 

“Th  ;e  problems  are  not  fundamen¬ 
tal,’  Ashton  claims.  “They  will  be 
solved  with  time  and  experience.” 


Readers  Are  Fundamental 


A  TAG  READER  COMMUNICATES  with  an 
RFID  tag  and  passes  on  the  informa¬ 
tion  to  software  applications.  Readers 
work  with  passive  tags  using  a 
method  known  as  inductive  coupling, 
in  which  a  reader’s  antenna  creates  a 
magnetic  field  with  the  tag’s  antenna. 

Although  passive  tags  keep  costs 
down,  their  readers  can  still  cost 
more  than  $1,000,  and  most  read  only 
chips  that  use  a  single  frequency.  To 
address  the  problem,  the  Auto-ID 
Center  designed  reference  specifica¬ 
tions  for  software-based  “agile”  read¬ 
ers  that  can  read  different  types  of 
tags  and  tags  that  operate  at  varying 
frequencies.  Ashton  predicts  that  the 
reader  cost  can  be  cut  to  $100  to  $200 


each  at  a  volume  of  10,000  units  with¬ 
in  three  years. 

“That’s  an  important  step,  because 
it  means  you  no  longer  have  to  have  a 
proprietary  tag-reader  combination,” 
says  Jim  Crawford,  vice  president  of 
Retail  Forward  Inc.,  a  research  and 
consulting  firm  in  Columbus,  Ohio. 

“It  lets  you  put  in  a  single  infrastruc¬ 
ture  to  read  multiple  tags.” 

But  Paula  Rosenblum,  an  analyst  at 
Boston-based  AMR  Research  Inc., 
says  there’s  little  evidence  that  the 
price  of  readers  is  dropping.  Many 
readers  don’t  work  reliably,  she  adds. 

The  read  range  of  a  tag  depends  on 
the  the  reader’s  power,  the  frequency 
that  the  reader  and  tag  use  to  commu¬ 


nicate,  and  antenna  size. 

Gene  Alvarez,  an  analyst  at  Meta 
Group  Inc.,  says  a  powerful  reader 
will  be  needed  to  read  a  passive  tag 
from  long  distances.  The  read  range 
for  a  passive  tag  is  now  three  to  six 
meters,  he  says. 


The  Software  Conundrum 


EVEN  IF  ALL  THE  TAG  AND  READER  issues  are 
worked  out,  simply  slapping  tags  on 
pallets,  cases  or  individual  products 
and  installing  readers  won’t  produce 
the  real-time  flow  of  data  that  retail¬ 
ers  and  suppliers  need  to  gain  the  full 
benefits  of  RFID  technology.  RFID  is 
going  to  change  business  processes  so 
fundamentally  that  users  will  have  to 
either  install  new,  possibly  experi¬ 
mental  applications  or  endure  a  mas¬ 
sive  rewrite  of  existing  programs, 
warns  Gartner’s  Jeff  Woods. 

“I  don’t  see  anything  [happening] 
with  RFID-centric  warehouse  man¬ 
agement  or  manufacturing,  or  even 
retail  processes,”  he  says.  “It’s  a  clas¬ 
sic  innovators’  dilemma,  because 
everyone  is  so  heavily  invested  in 


bar-code-based  infrastructure  and 
processes  that  they  are  the  least  likely 
ones  to  make  the  wholesale  transition 
quickly.” 

The  first  applications  will  emerge 
in  the  next  two  to  three  years,  Woods 
says.  Emerging  vendors,  such  as  Oat- 
Systems  Inc.  in  Watertown,  Mass.,  are 
working  on  the  problem,  as  are  estab¬ 
lished  vendors  such  as  Manhattan  As¬ 
sociates  Inc.,  SAP  AG  and  IBM. 

“Through  2007,  we’re  going  to  see 
primarily  applications  that  use  RFID 
tags  in  the  context  of  bar-code-based 
processes  —  things  like  receiving  at 
the  back  door  with  an  RFID  tag  in¬ 
stead  of  a  bar  code,”  Woods  predicts. 
“It’s  the  three-to-seven-year  time 
frame  when  we  will  start  to  see  en¬ 


tirely  new  processes  come  about.” 

The  Auto-ID  Center’s  response  to 
managing  the  flow  of  data  is  special- 
purpose  server  software,  called  a  Sa¬ 
vant,  which  it  predicts  will  be  running 
in  stores,  distribution  centers,  offices 
and  factories.  Savants  will  gather, 
store  and  act  on  information  and  in¬ 
teract  with  other  Savants,  deciding 
which  information  needs  to  be  for¬ 
warded  up  or  down  the  supply  chain, 
the  center  claims. 

Under  the  Auto-ID  Center’s  pro¬ 
posal,  RFID  tags  will  contain  a  limited 
amount  of  information  in  a  64-  or  96- 
bit  electronic  product  code  (EPC). 
The  reader  pulls  the  EPC  from  the  tag 
and  passes  it  to  a  Savant,  which  in 
turn  forwards  it  to  an  Object  Name 
Service  server  and  then  a  Physical 
Markup  Language  server  on  a  local 
network  or  the  Internet  to  find  infor¬ 
mation  stored  about  the  product.  The 
Savant  can  then  retrieve  the  file  and 
forward  it  to  the  company’s  inventory 
or  supply  chain  applications. 

“The  Auto-ID  Center  moved  the 
problem  of  data  from  the  tag  into  the 
system,”  says  Steve  Halliday,  presi¬ 
dent  of  High  Tech  Aid  in  Gibsonia, 

Pa.  But  he  predicts  that  some  compa¬ 
nies  will  want  tags  that  can  store 
more  data  so  they  can  Find  out  the 
contents  of  pallets  and  cases  on  the 
spot  where  the  tags  are  scanned, 
rather  than  having  to  connect  to  a 
Savant  and  other  servers. 

“All  that  RFID  does  for  a  retailer  or 
a  manufacturer  is  give  them  more 
granular  information  about  their 
products,”  says  Crawford.  “Mastering 
that  process  is  the  critical  efficiency 
issue  for  the  next  20  years  easily  for 
retailers  and  manufacturers.”  I 


The  Auto-ID  Center’s  Futuristic  Vision  for  RFID 


^  EPC:  F127.CmnF«g^  CompanyX«  ^Rojl  of  payr  ^ 

1  in  Pennsylvania 


1.  Tags  embedded  with  microchips  and  tiny 
radio  antennas  are  affixed  to  products,  cases 
and  pallets.  Each  tag  stores  a  unique  electronic 
product  code  (EPC). 

2.  A  reader  beams  a  radio  wave  that  is  picked 
up  by  a  tag’s  antenna.  The  tag  “wakes  up”  and 
broadcasts  its  EPC  to  the  reader. 

3.  The  readers  sends  the  EPCs  to  a  computer 
running  server  software  called  a  Savant. 

4.  The  Savant  sends  the  EPC  over  the  Internet 
or  a  private  network  to  an  Object  Name  Service 


(0NS)  database  server, 
which  refers  it  to  another 
server  that  contains  informa¬ 
tion  about  the  tagged  product  in  Physical 
Markup  Language  (PML)  format. 

5.  The  PM  L  server  sends  the  requested  data 
back  to  the  Savant. 

6.  Through  prebuilt  application  interfaces,  the 
Savant  sends  the  information  to  the  back-end 
inventory,  warehousing,  manufacturing  or  retail 
systems. 


NOTE  THE  FIRST  VERSION  OF  THE  EPC  SYSTEM  SPECIFICATION  IS  DUE  FOR  RELEASE  IN  SEPTEMBER 
SOURCE  AUTO-ID  CENTER.  XPLANE  CORP 
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Like  many  companies,  On¬ 
line  Resources  Corp.  has 
deployed  host-  and  net- 
work-based  intrusion- 
detection  systems  (IDS), 
firewalls  and  antivirus  tools  on  its  net¬ 
works.  But  until  it  installed  a  security 
event  management  suite,  the  company 
had  a  hard  time  dealing  with  the  del¬ 
uge  of  data  pouring  in  from  its  various 
security  systems.  Not  only  was  the  in¬ 
coming  data  voluminous  and  highly 
unreliable,  but  the  IT  staff  also  had  to 
collect  it  from  each  system  and  then 
manually  correlate  it. 

The  Security  Information  Manage¬ 
ment  suite  from  Edison,  N.J. -based 
NetForensics  Inc.  has  changed  that  by 
automating  Online  Resources’  process 
of  gathering,  consolidating,  correlating 
and  prioritizing  that  data,  says  Hugh 
McArthur,  information  security  officer 
at  the  Reston,  Va.-based  online  bill 
processor.  “It  has  given  us  a  single 
place  where  we  can  go  to  get  the  infor¬ 
mation  we  need,”  he  says. 

Many  companies  are  turning  to  cen¬ 
tralized  security  event  management 
tools  to  help  them  make  sense  of  cru¬ 
cial  security  information,  analysts  say. 
The  ever-increasing  number  of  secu¬ 
rity  appliances  around  the  network 
perimeter  has  created  a  stream  of  data 
that  needs  to  be  analyzed  and  correlat¬ 
ed,  says  Michael  Engle,  vice  president 
of  information  security  at  Lehman 
Brothers  Holdings  Inc.  in  New  York. 


Security  event  management  tools  can 
consolidate  and  correlate  data  from  disparate 
security  devices  across  the  network  security 
perimeter,  reducing  the  analysis  workload. 

By  Jaikumar  Vijayan 
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SORTING  THROUGH  THE  PRODUCTS 


When  Lehman  Brothers  first  started  im¬ 
plementing  an  event  management  sys- 

few  wefl-toKwn  products,  says  Michael 
Engle,  the  company’s  vice  president  of 
information  security.  Today,  there  are 
many  products  available. 

Vendors  fall  into  three  broad  cate- 

analyst  at  Forrester  Research.  The 
“pure-play”  vendors  include  Net- 
Forensics,  Inteilitactics  lnc„  Guarded- 
Net  Inc.  and  ArcSight  Inc. 

The  security  suite  vendors  include 
Symantec  Corp.  and  NetlQ  Inc.  Then 
there  are  the  traditional  management 
software  vendors  that  have  expanded 
into  the  security  management  soft¬ 
ware  market,  such  as  IBM,  with  its 
Tivoli  Risk  Manager,  and  Computer 
Associates  International  Inc.,  with  its 
elrust  Security  Command  Center. 

While  the  pure-play  vendors  focus 
on  security  information  management 
and  event -correlation  software,  ven¬ 
dors  of  suites  sei!  security  event  man¬ 
agement  as  part  of  a  broader  applica¬ 
tion  set.  NetlQ,  for  instance,  sells  inci¬ 
dent  and  event  management  as  part  of 
a  suite  of  capabilities  that  includes 


policy  and  compliance  management, 
identity  management  and  user  provi¬ 
sion,  and  configuration  management. 
Vendors  such  as  CA  and  IBM,  mean¬ 
while,  are  building  on  their  systems 
management  capabilities  with  their 
event  management  tools. 

Choosing  the  right  vendor  depends 
on  your  specific  needs  and  on  the 
ability  of  the  product  to  gather  infor¬ 
mation  from  tile  security  systems  in¬ 
stalled  on  your  network,  says  Hugh 
McArthur,  information  systems  secur¬ 
ity  officer  at  bi!!  processor  Online 
Resources. 

“A  lot  of  it  looks  good  on  paper.  But 
make  sure  the  product  can  support 
the  devices  that  you  are  going  to  de¬ 
ploy  it  on,”  McArthur  says.  Otherwise, 
users  have  to  develop  code  for  tying 
the  product  into  the  network  -  a  proc¬ 
ess  that  can  be  both  costly  and  time- 
consuming,  he  says. 

Also,  while  a  lot  of  these  products 
are  good  at  analyzing  IP  data  from 
firewalls  and  IDSs,  they’re  not  as  good 
with  data  collected  from  operating 
system  and  application  software  logs, 
Rasmussen  says. 

-  Jaikumar  Vijayan 


New  and  proposed  regulations  that 
will  require  companies  to  constantly 
monitor  their  networks  for  security  in¬ 
cidents  are  also  increasing  interest  in 
these  tools,  says  Michael  Rasmussen, 
an  analyst  at  Forrester  Research  Inc.  in 
Cambridge,  Mass.  “There  is  a  tremen¬ 
dous  driver  in  the  security  standards 
and  legislation  area.  The  reason  why 
people  are  buying  [such  technology]  is 
a  direct  result  of  this,”  he  says. 

Volume  Control 

IDSs,  firewalls  and  antivirus  software, 
as  wrell  as  operating  systems  and  appli¬ 
cations  software,  can  detect  and  report 
an  enormous  number  of  security  events 
daily,  say  users  and  analysts. 

For  instance,  the  security  incident 
management  system  at  Lehman  gath¬ 
ers  and  analyzes  information  about 
more  than  1  million  events  from  15 
different  systems  daily,  according  to 
Engle.  This  includes  data  from  IDSs 
and  authentication  systems,  a  tele¬ 
phony  password  reset  system  and  an 
anomaly-detection  system,  as  well  as 
logs  from  Lehman’s  main  e-commerce, 
Windows  and  Unix  systems. 

By  year’s  end,  the  firm  hopes  to  have 
a  new  system  in  place  that  will  help  it 
gather  and  analyze  more  than  80  mil¬ 
lion  daily  events,  including  consolidat¬ 
ed  firewall  log  data. 

Sifting  through  this  volume  of  data 
without  some  sort  of  consolidation 
and  correlation  technology  is  nearly 
impossible,  thereby  making  the  data 
worthless,  says  Pete  White,  a  security 
architect  at  Houston-based  M.D.  An¬ 
derson  Cancer  Center,  whose  own  fire¬ 
walls  generate  between  15  and  30  alerts 
every  second.  Security  event  manage¬ 
ment  software  helps  “separate  the 
wheat  from  the  chaff,”  he  says. 

Event  management  software  can 
help  cut  through  the  noise,  Engle 
agrees.  The  software  works  by  collect¬ 
ing  information  from  individual  secu¬ 
rity  systems  such  as  IDSs  and  firewalls. 
While  some  products  deploy  agent 
software  to  collect  the  information 
flowing  out  of  them,  others  just  use  the 
Simple  Network  Management  Protocol 
reports  and  system  logs  generated  by 
such  systems. 

The  tools  then  typically  “normalize” 
the  data  by  converting  it  into  a  com¬ 
mon  format  and  automatically  filtering 
out  duplicate  data,  such  as  multiple 
entries  for  the  same  virus  attack.  The 
normalized  data  is  then  dumped  into  a 
central  database  or  repository,  where 
correlation  software  can  match  data 
from  different  systems  and  look  for 
patterns  that  might  indicate  an  attack 
or  threat. 


Finally,  threats  are  prioritized  based 
on  their  severity  and  the  importance 
of  the  systems  that  are  vulnerable. 
Data  that  suggests  an  attack  against 
a  critical  e-commerce  server,  for  in¬ 
stance,  would  be  given  a  higher  priority 
than  an  attack  against  a  file  server. 

IT  security  administrators  can  view 
the  information  using  a  Web-  or  Java- 
based  console,  or  dashboard,  or  the  sys¬ 
tem  can  be  configured  to  send  alerts  to 
pagers  or  other  devices.  Dashboards 
can  give  companies  a  real-time  snap¬ 
shot  of  what’s  going  on  inside  the  cor¬ 
porate  network.  “We  are  able  to  see 
events  happen  more  quickly.  It  allows 
us  to  react  faster  if  wre  see  some  activity 
bubble  up  in  our  systems,”  says  White. 

The  benefits  of  deploying  such  soft¬ 
ware  can  be  enormous,  Engle  says. 
When  Lehman  first  installed  an  IDS 
in  1999,  it  generated  more  than  600 
alerts  daily — most  of  them  false 
alarms.  Today,  thanks  to  the  event- 
correlation  features  of  its  management 
system,  administrators  receive  fewer 
than  10  per  day.  The  system  today  is 
“turning  more  than  1  million  events 
down  to  less  than  10  alerts,”  Engle  says. 
Such  technology  allows  companies  like 
Lehman  to  pinpoint  threats  far  more 
efficiently,  identify  trends  that  might 


indicate  an  emerging  threat  and  fine- 
tune  incident  response,  Forrester’s 
Rasmussen  says. 

The  data  that  centralized  event  man¬ 
agement  systems  capture  and  store  is 
also  useful  for  forensic  analysis,  says 
Nitin  Ved,  chief  operating  officer  at 
NetForensics.  Such  systems  let  compa¬ 
nies  drill  down  into  the  details  of  an 
attack,  piece  together  relevant  infor¬ 
mation  from  different  systems  and 
quickly  build  a  composite  of  events 
leading  up  to  a  security  incident. 

The  technology  lets  administrators 
do  all  this  without  the  dedicated  atten¬ 
tion  to  individual  systems  that  would 
otherwise  be  required,  says  Bill  Steven¬ 
son,  security  manager  at  Inane,  Calif.- 
based  New  Century  Financial  Corp., 
which  uses  the  NetForensics  suite. 

The  Downside 

The  events  statistics  maintained  by 
security  event-correlation  systems  can 
also  be  useful  for  measuring  the  effec¬ 
tiveness  of  IT  security,  says  White.  But 
as  with  any  other  technology,  there  are 
several  major  caveats  associated  with 
the  use  of  such  products.  The  biggest 
has  to  do  with  the  quality  of  the  data 
that  is  fed  into  such  systems. 

The  old  adage  “garbage  in,  garbage 


out”  holds  true  with  both  event  and 
incident  management  software,  says 
Sweta  Duseja,  a  product  manager  at 
security  vendor  Check  Point  Software 
Technologies  Ltd.  in  Seattle.  That’s 
why  it’s  important  to  ensure  that  the 
right  filters  and  rules  are  set  for  cap¬ 
turing  the  information  that’s  fed  into 
the  system,  Engle  says. 

Indiscriminate  data  collection  can 
create  problems.  For  instance,  every 
time  a  user  clicked  on  CNN’s  Web  site, 
it  generated  144  separate  log  events  on 
Lehman’s  systems,  most  of  which  were 
useless  data.  “Initially,  we  were  send¬ 
ing  too  much  data  into  the  system  be¬ 
cause  we  thought  that  would  put  us  in 
a  good  place,”  Engle  says. 

Also,  implementing  event-correla¬ 
tion  technologies  often  involves  a  de¬ 
gree  of  customization  that  may  not  be 
apparent  at  first,  White  cautions.  De¬ 
spite  the  support  for  multivendor  tech¬ 
nologies  touted  by  several  vendors, 
users  often  need  to  develop  scripts  for 
capturing  information  from  specific 
security  devices  —  an  effort  that  can 
be  time-consuming  and  costly.  White 
adds. 

The  tools  can  also  impose  quite  a 
steep  storage  requirement  on  the  orga¬ 
nization,  depending  on  what  it  wants 
to  do  with  the  data,  says  New  Centu¬ 
ry’s  Stevenson.  “It  all  depends  on  how 
many  devices  you  are  plugging  into  the 
system  and  how  far  back  you  want  to 
go  with  the  data.  It  can  be  for  as  little 
as  a  month  or  two  or  for  as  long  as  six 
years.  You  never  know,”  he  says.  For 
this  reason,  many  products  support  up 
to  2TB  of  data  out  of  the  box. 

Despite  the  growing  maturity  of  such 
technologies,  no  single  product  can 
gather  all  the  relevant  security-related 
information  from  across  operating  sys¬ 
tems,  applications  and  the  network, 
Rasmussen  says.  For  instance,  while 
some  products  may  excel  at  gathering 
network-level  data,  other  products  may 
do  so  at  an  operating  system  level. 

Upfront  costs  can  be  steep  as  well. 
Event  management  systems  typically 
start  at  over  $100,000.  That  puts  them 
out  of  reach  for  many  businesses  that 
would  otherwise  be  attracted  to  them, 
says  Bill  Spemow,  chief  information 
security  officer  at  the  Georgia  Student 
Finance  Commission  in  Tucker,  Ga. 

But  for  organizations  that  can  afford 
it,  users  and  analysts  say,  the  technol¬ 
ogy  can  yield  rich  benefits.  ► 


PRODUCTS  AND  VENDORS 

For  a  sample  listing  of  vendors  of  security  event 
management  software,  visit  our  Web  site: 

QuickLink  40089 
www.computerworld.com 
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Subatomic  properties 
will  remake  computing. 

By  Gary  H.  Anthes 


FUTURE 

WATCH® 


IMAGINE  A  DATA  STORAGE  DEVICE 
the  size  of  an  atom,  working  at  the 
speed  of  light. 

Imagine  a  microprocessor  whose 
circuits  could  be  changed  on  the  fly. 
One  minute,  it  would  be  optimized  for 
database  access,  the  next  for  transac¬ 
tion  processing  and  the  next  for  scien¬ 
tific  number-crunching. 

Finally,  imagine  a  computer  memory 
thousands  of  times  denser  and  faster 
than  today’s  memories.  And  non- 
_  volatile,  so  it  retains  its  con¬ 
tents  when  the  power  is  off. 

All  of  these  and  more  are  on 
computing’s  horizon,  thanks  to 
the  exploding  field  of  spin- 
tronics.  Spintronics,  from 
“spin  transport  electronics,”  isn’t  en¬ 
tirely  new.  The  spintronic  effect  called 
giant  magneto-resistance  was  intro¬ 
duced  by  IBM  in  1997  in  its  GMR  disk- 
read  head.  As  a  result,  disk  capacities 
have  jumped  by  a  factor  of  100  in  the 
past  five  years. 

Electronic  circuits  are  driven  by 
electron  flows,  which  have  a  charge 
that  can  be  measured  and  controlled. 


But  electrons  not  only  flow;  they  also 
spin  like  tiny  bar  magnets.  Depending 
on  their  orientation,  the  spins  are  said 
to  be  “up”  or  “down.” 

This  additional  variable,  or  “degree 
of  freedom,”  means  that  electrons 
can  do  more  things  and  convey  more 
information  than  they  do  in  conven¬ 
tional  electronics.  “Spin  gives  you  an 
additional  knob  to  turn,”  explains 
Stuart  Wolf,  a  program  manager  at  the 
Defense  Advanced  Research  Projects 
Agency  (DARPA),  which  is  funding 
much  of  the  spintronics  research  in 
the  U.S. 

The  most  immediate  research  goal 
is  to  produce  magnetic  random-access 
memory  (MRAM),  which  stores  data 
using  magnetism  rather  than  electrical 
charges.  Unlike  the  dynamic  RAM  in 
your  PC,  MRAM  is  nonvolatile. 

IBM  is  working  with  Munich-based 
Infineon  Technologies  AG  and  says  it 
will  have  MRAM  in  production  as  early 
as  2005.  It  will  be  50  times  faster  than 
DRAM  and  10  times  denser 
than  static  RAM,  and  it 
could  eventually  replace 
both,  says  Stuart  Parkin,  an 
IBM  fellow  at  the  compa¬ 
ny’s  Almaden  Research 
Center  in  San  Jose. 

Others  have  even  sug¬ 
gested  that  MRAM  might 
replace  disks  for  data  stor¬ 
age.  Putting  logic  and  stor¬ 
age  in  a  single  chip  would 
eliminate  the  slow  disk  I/O  that’s  a  bot¬ 
tleneck  in  most  computer  processing. 

IBM’s  MRAM  will  use  magnetic  tun¬ 
nel  junctions,  an  application  of  spin¬ 
tronics  in  which  electrons  are  allowed 
to  “tunnel”  between  two  ferromagnetic 
layers  based  on  their  spin.  Each  junc¬ 
tion  can  store  one  bit.  “It  promises  a 
sort  of  universal  RAM  with  very  high 
performance  —  high  writing  and  read¬ 
ing  speeds  —  plus  very  high  density 
and  nonvolatility,”  Parkin  says. 

Nuclear  Memories 

Further  out,  researchers  are  working 
on  still  more  exotic  applications  of 
spin.  David  Awschalom,  director  of  the 
Center  for  Spintronics  and  Quantum 
Computation  at  the  University  of  Cali¬ 
fornia,  Santa  Barbara,  is  looking  at 
what  might  be  done  with  the  spin  of 
an  atom’s  nucleus,  a  new  idea. 

“The  subatomic  part  of  the  atom 
would  store  the  information,  and  the 
electron  would  act  as  the  bus  to  carry 
information  in  and  out  of  the  nuclear 
subsystem,”  Awschalom  says. 

He  aims  to  build  an  optical-based  in¬ 
formation  processor  in  which  beams  of 
light  would  transfer  information  to  the 


nucleus  through  electrons.  Such  nu¬ 
clear  memories  would  be  “many  or¬ 
ders  of  magnitude”  denser  and  faster 
than  traditional  semiconductor  memo¬ 
ries,  he  says. 

Indeed,  more  broadly,  the  thrust  of 
spintronics  research  will  be  to  com¬ 
bine  electronics  and  photonics  with 
magnetism  —  which  traditionally  in¬ 
volves  metals  —  in  semiconductor  ma¬ 
terials.  That  will  enable  ultrafast  and 
ultraefficient  submicron  devices  that 
integrate  computing,  communications 
and  storage.  The  slow  interfaces  be¬ 
tween  different  materials  that  convert 
one  kind  of  signal  or  property  into  an¬ 
other  would  be  gone,  and  the  latencies 
that  typically  slow  the  movement  of 
data  from  one  processing  stage  to  an¬ 
other  would  be  greatly  reduced. 

“You’d  have  everything  integrated  in 
a  much  simpler  circuit,”  says  DARPA’s 
Wolf.  “They  would  be  much  like  exist¬ 
ing  semiconductor  devices,  except  the 
current  is  spin-polarized.”  That  would 
enable,  for  example,  the 
construction  of  very  fast 
communication  switches. 
“You  could  call  it  spin 
photonics,”  he  says.  “They 
can  easily  operate  at  tera¬ 
hertz  speeds.” 

A  semiconductor  device 
can’t  use  spin  until  a  way 
is  found  to  get  spin-polar¬ 
ized  electrons  into  it,  and 
that  has  proved  difficult. 
But  IBM  recently  demonstrated  that 
it  can  use  magnetic  tunnel  junctions 
to  inject  the  current,  as  they  do  for 
MRAM. 

IBM’s  Parkin  says  spintronic  semi¬ 
conductors  could  be  used  to  build  re- 
configurable  logic  devices.  “So  maybe 
your  computer  could  be  optimized  for 
certain  instructions  by  rearranging  the 
way  [logic]  gates  are  connected,  on  the 
fly,”  he  says. 

Another  tough  challenge  has  been 
to  create  magnetic  semiconductors 
that  sustain  their  spin  states  at  room 
temperature,  but  physicists,  materials 
scientists  and  engineers  have  made 
tremendous  progress  on  that  front 
just  this  year.  “We  are  not  quite  there 
yet,”  Awschalom  says.  “But  it’s  a  rap¬ 
idly  moving  field.  If  you’d  asked  me 
a  year  ago  where  we’d  be  today,  I 
would  have  been  largely  wrong  in 
my  assessment.” 

The  rapid  development  of  spintron¬ 
ics  seems  likely  to  continue,  says 
Awschalom.  “The  theory  is  in  quite 
sound  shape.  What’s  exciting  about 
this  field  is  there  are  no  obvious  show- 
stoppers.  There  are  many  challenges, 
though.”  » 


WHAT  IT  DOES 

Spintronics  seeks  to 
harness  the  spin  of 
electrons,  in  addition 
to  their  charge,  to 
build  superpowerful 
devices  for  comput¬ 
ing,  communications 
and  data  storage. 


HEADPHONES  THAT  OFFER  SUPERIOR  NOISE  REDUCTION 
AND  EXCEPTIONAL  AUDIO.  WHAT  COULD  BE  BETTER? 

THE  NEW  AND  IMPROVED  MODEL. 


hen  our  original 
Qu  ietComf  ort® 
headphones  were  intro¬ 
duced,  Upscale  magazine 
called  them  "revolutionary." 

The  Boston  Globe  wrote,  "with 
the  Bose  Acoustic  Noise  Cancelling 
headsets  on,  the  airplane  roar  became  a 
whisper."  And  audio  critic  Rich  Warren  named 
them  his  "product  of  the  year." 

Imagine  what  you'll  say  about  our  new 
QuietComfort® 2  headphones  -  which 
combine  the  exceptional  noise-reduction 
technology  of  our  original  headphones 
with  dramatically  improved  audio  per¬ 
formance  and  enhanced  convenience. 


Introducing  The 
New  QuietComfort®2 
Acoustic  Noise 
Cancelling®  Headphones. 


REMARKABLE  NOISE  REDUCTION. 

We  originally  designed  our  noise-reducing  headphones  for  airplane 
travelers.  But  customers  soon  started  telling  us  how  well  they 
work  in  other  noisy  places.  That's  why  our  new  QuietComfort®2 
headphones  feature  the  same  patented  technology  that  electroni¬ 
cally  identifies  and  dramatically  reduces  noise  while  faithfully 
preserving  the  music,  movie  dialogue  or  silence  you  want.  So  you  can 
use  them  to  concentrate  at  the  office,  reduce  the  whine  of  neighbor¬ 
hood  lawn  mowers  or  watch  a  movie  during 
your  next  flight.  Or  simply  relax  in  peace. 


ENHANCED  CONVENIENCE. 

Their  new  fold-flat  design  means 
they'll  slip  easily  into  a  bag  or  brief¬ 
case.  You  can  listen  to  portable 
CD/DVD/MP3  players,  home 
stereos,  computers  and  in-flight 
entertainment  systems  -  or 
nothing  at  all.  And  you  can  wear 
them  for  hours,  because  we've 
made  them  so  lightweight  and  comfort¬ 
able.  CNET says,  "They  feel  good  -  even  lux¬ 
urious  -  on  your  ears."  We  say  it's  easy  to 
forget  you  have  them  on. 

TRY  THEM  FOR  YOURSELF  -  RISK 
FREE.  We  don't  expect  you  to  take  our 
word  for  how  dramatically  our  new 
headphones  reduce  noise,  how  clean 
and  full  they 

sound  or  how  comfortably  they  fit. 

So  we  invite  you  to  try  them  for  30  days. 

If  you  can  live  without  them,  return 
them  for  a  full  refund.  It's  that  simple. 

Call  and  ask  about  our  12-month  interest-free  payment 
plan*  And  discover  the  kind  of  performance  that  has  made  Bose 
the  most  respected  name  in  sound. 


PREMIUM  SOUND.  The  improved  audio 
technology  inside  our  new  QuietComfort®2 
headphones  delivers  sound  so  real,  even  the  subtlest  musical 
nuances  come  through  with  amazing  clarity.  When  audio  critic 
Wayne  Thompson  heard  our  new  QuietComfort®2  headphones,  he 
reported,  "Bose  engineers  have  made  major  improvements." 
If  you're  a  headphone  user,  we  think  you'll  agree  -  this  technology 
makes  your  music  sound  better.  The  details  come  shining  through. 


©2003  Bose  Corporation  Patent  rights  issued  and/or  pending  •Installment  payment  plan  not  to  be  combined  with  any  other  offer  or  applied  to  previous  purchases,  and  available  on  credit  card  orders  only.  Payment  plan  is  subject  to  emit  approval,  arc  other  condioo":  may  appry  You-  credit  card  vw  be  debited  each  month  with  no  inter 
est  charges  from  Bose  Credit  card  rules  and  interest  may  apply.  First  payment  to  include  shipping,  handling  and  applicable  sales  tax.  Payment  plan  subject  to  change  without  notice.  Risk  free  refers  to  30-day  trial  offer  only.  Quotes  repnnted  wth  perrnssen  Canoe  Dickerson  and  Constance  E  Clemons,  Upscale.  3/Oh ;  Jerry  Moms  Boston 
Globe,  1 0/24/99  on  the  original  airline  headset;  Rich  Warren,  News-Gazette,  1 1  /27/00;  Wayne  Thompson,  Wand  Oregonian,  4/1 8/03;  David  Camoy,  CNET,  4/1 6/03. 
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aulty  Rules  Foul 
Router  Protection 

A  misconfigured  access-control  list  leaves 
a  global  network  open  to  a  denial-of-service 
attack.  By  Vince  Tuesday 


This  week,  my  team  and 
I  discovered  a  vulnera¬ 
bility  in  the  Cisco  Sys¬ 
tems  Inc.  equipment  we 
use  in  our  global  network. 
There  are  253  possible  IP- 
based  protocols  in  IP  Version 
4,  and  the  majority  of  Cisco 
routers  and  switches  have  a 
serious  problem  with  four  of 
them.  The  flaw  leaves  un¬ 
patched  equipment  open  to  de- 
nial-of-service  attacks. 

Once  the  Cisco  de¬ 
vice  receives  a  certain 
number  of  IP  packets 
of  Type  53, 55, 77  or 
103,  it  stops  function¬ 
ing.  If  a  swatch  or 
router  doesn’t  know 
what  to  do  with  a  given  pack¬ 
et,  it  just  leaves  it  in  the  queue 
until  the  queue  fills  up  and  the 
device  stops  working. 

The  first  reports  of  this  vul¬ 
nerability  made  it  clear  that 
the  packets  had  to  be  targeted 
at  the  router  being  attacked  in 
order  to  succeed.  I  immediate¬ 
ly  thought  we  would  be  fine, 
since  our  core  routers  have 
access-control  lists  (ACL).  We 
set  these  up  to  operate  like  a 
minifirewall  that  can  allow  and 
deny  various  kinds  of  traffic. 

To  protect  our  routers,  we 
set  a  rule  that  routers  accept 
specific  traffic  types  coming 
only  from  our  internal  man¬ 
agement  machines.  We  don’t 
bother  listing  every  kind  of 
bad  data.  Instead,  we  drop 
everything  except  the  handful 
of  things  we  need.  So  our 
routers  drop  those  four  vul¬ 
nerable  protocols  without 
processing  them,  along  with 
every  other  IP-based  protocol 
except  TCP  and  the  User 
Datagram  Protocol. 

This  meant  we  didn’t  have 
to  do  anything.  Or  did  it?  We 


checked  our  internal  routers 
to  make  sure  the  right  protec¬ 
tions  were  in  place  and  then 
performed  the  same  check  on 
our  Internet-facing  routers. 
Our  firewall  drops  the  four 
protocols  mentioned  earlier, 
so  it  would  be  difficult  for 
someone  to  attack  our  internal 
routers.  However,  the  external 
routers  that  connect  to  multi¬ 
ple  Internet  service  providers 
have  to  be  outside 
the  firewall,  and  so 
they  might  accept 
those  protocols  if 
they  were  miscon¬ 
figured. 

I  checked  our  ex¬ 
ternal-facing  routers 
from  a  remote  provider’s  site, 
connecting  to  each  and  scan¬ 
ning  to  see  on  which  protocols 
and  ports  the  routers  were 
listening,  and  I  was  very  sur¬ 
prised  when  one  answered 
on  Telnet. 

We  use  Telnet  to  manage 
some  of  our  routers  because 
not  all  versions  of  Cisco’s  In¬ 
ternetworking  Operating  Sys¬ 
tem  (IOS)  support  Secure 
Shell,  our  preferred  encryp¬ 
tion  method.  But  Telnet  wasn’t 
supposed  to  accept  connec- 


I  checked  our 
external-facing 
routers . . . 
and  was  very 
surprised  when 
one  answered 
on  Telnet. 


tions  from  outside  our  compa¬ 
ny.  The  router’s  ACL  should 
have  limited  connections  to 
only  those  from  authorized 
devices  with  addresses  inter¬ 
nal  to  our  network. 

As  it  turned  out,  the  ACL 
had  been  applied  correctly, 
and  other  traffic  was  being 
dropped  as  designed.  Then  I 
noticed  that  the  IP  address  in 
the  rule  didn’t  match  the  IP 
address  of  the  router  I  was 
examining.  It  belonged  to  an¬ 
other  Internet-facing  router. 

A  network  administrator 
must  have  cut  and  pasted 
the  rule  set  for  the  router’s 
ACL  without  editing  the  IP 
address. 

After  we  corrected  the  IP 
addresses  in  the  ACL,  we 
thought  we  could  rest  easy: 

No  attacker  could  get  any 
flawed  data  to  our  machines. 

TTL  Tempest 

I  have  to  despise  attackers.  It’s 
a  professional  requirement  of 
the  security  field  to  hate  those 
who  make  our  lives  difficult. 
But  once  in  a  while,  I  have  to 
give  the  brightest  ones  a  bit 
of  respect. 

Some  clever  person  figured 
out  that  you  might  not  have  to 
send  traffic  to  a  router  to  get  it 
to  process  the  data.  Every  pack¬ 
et  on  the  Internet  has  a  Time 
To  Live  (TTL)  counter  setting, 
and  every  time  a  router  han¬ 
dles  a  packet,  its  number  de¬ 
creases  by  1.  This  keeps  pack¬ 
ets  from  circulating  forever. 

If  the  TTL  reaches  0  while 
passing  through  a  router,  then 
that  router  must  process  the 
packet  to  decide  if  someone 
needs  to  be  sent  a  warning 
that  the  packet  didn’t  make  it. 

I  received  an  e-mail  security 
alert  from  a  trusted  source 
that  said  if  you  arrange  the 
TTL  of  Packet  Types  53, 55, 77 
or  103  so  that  they  reach  0 
just  as  they  hit  a  Cisco  router 
like  ours,  that  router  will 


process  the  packets  despite 
the  ACL  settings.  The  packets 
won’t  match  the  ACL,  as  they 
aren’t  destined  for  that  router 
but  for  addresses  behind  it.  If 
the  router  processes  packets 
with  these  four  IP-based  pro¬ 
tocols,  then  the  packets  will 
get  stuck,  and  the  router  will 
fill  up  and  stop. 

That’s  clever  but  annoying, 
because  it  meant  we  would’ve 
had  to  make  sure  that  we  had 
deployed  not  only  the  right 
ACLs  but  also  the  new  ver¬ 
sions  of  IOS  to  fix  the  prob¬ 
lem.  Each  time  we  thought  we 
had  this  problem  under  con¬ 
trol,  it  popped  up  again.  We 
can  test  a  new  release  of  IOS, 
but  it  takes  time  and  is  risky  to 
deploy,  whereas  ACLs  are  well 
understood  and  low  risk. 

Then,  as  we  were  rushing 
about  with  our  testing,  Cisco 
contacted  us  to  say  that  this 
risk  doesn’t  exist.  It  said  the 
routers  discard  the  TTL  pack¬ 
ets  without  problems.  Were 
the  hackers  wrong?  I  have  to 
trust  that  Cisco  knows  best 
what  its  equipment  can  do. 

Once  the  new  version  of 
IOS  is  out  of  testing  and  de¬ 
ployed,  we’ll  be  safe.  Until 
then,  we’ll  closely  monitor 
how  well  the  ACLs  are  pro¬ 
tecting  us. 

The  strangest  thing  about 
this  whole  issue  has  been 
that  a  large  number  of  our 
customers  have  asked  what 
we’re  doing  about  it.  I  don’t 
understand  this.  I  would  never 
ask  another  company  what  it 
was  doing,  since  the  answer 
wouldn’t  cause  me  to  do  any¬ 
thing  differently. 

I  also  don’t  have  the  re¬ 
sources  to  ask  every  supplier 
what  it’s  doing  about  such  is¬ 
sues.  Rather  than  try  to  have 
enough  people  free  to  collate 
all  that  information,  I’ll  just 
protect  myself  from  the  possi¬ 
ble  attack,  be  safe  and  not 
worry  about  what  others  do.  > 

WHAT  DO  YOU  THINK? 

This  week's  journal  is  written  by  a  real 
security  manager,  “Vince  Tuesday,"  whose 
name  and  employer  have  been  disguised 
for  obvious  reasons.  Contact  him  at  vince. 
tuesday@hushmail.com,  or  join  the  dis¬ 
cussion  in  our  forum:  QuickLink  a1590 

To  find  a  complete  archive  of  our 
Security  Manager's  Journals,  go  online  to 

Ocomputerworld.com/secjournal 
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Security  Bookshelf 

Secure  Coding:  Principles  and 
Practices,  by  Mark  G.  Graff 
and  Kenneth  R.  van  Wyk, 
O’Reilly  &  Associates,  2003. 


Secure 

Coding 


Judging  by 
the  number  of 
security  bugs 
that  continue 
to  emerge,  a 
good  book 
about  writing 
secure  code  is 
quite  timely. 

The  authors  of 
this  guide  have  plenty  of  expe¬ 
rience  in  trying  to  produce  se¬ 
cure  code,  and  those  experi¬ 
ences  shine  through  in  the 
many  real-world  examples 
they  give  and  the  practical  ap¬ 
proaches  they  take  in  architec¬ 
ture,  design,  implementation, 
operations  and  testing. 

This  is  an  excellent  book  to 
dip  into  for  ideas  to  improve  cod¬ 
ing  practices  in  your  organiza¬ 
tion.  It  doesn't  go  into  all  the 
technical  details,  but  it  does  help 
you  make  sure  that  you’re  ask¬ 
ing  the  right  questions.  Secure 
Coding  includes  a  comprehen¬ 
sive  bibliography  and  Web  links. 

-  Vince  Tuesday 

Most  Underrated 
Vulnerabilities 

TheSTAT  network  security 
unit  at  Melbourne,  Fla.-based 
Harris  Corp.  released  its  list  of 
the  most  underrated  and  most 
overrated  security  vulnerabili¬ 
ties  a  week  ago.  Remote  pro¬ 
cedure  call  vulnerabilities 
probably  wouldn’t  top  the  list 
after  last  week’s  bout  with  the 
Blaster  worm: 
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RPC  vulnerabilities 


Distributed  Compo¬ 
nent  Object  Model 
vulnerabilities 


Wireless 

vulnerabilities 


Keystroke-logger 

vulnerabilities 


Spyware  programs 


j 


k  A 


I'?---:'' 


the  power 

of  insight 


the  exhilaration 

of  a 

*■  breakthrough 


Platinum  Sponsors 


Intel  Capital 


— 


DEMO  mobile  2003 


the  launchpad  for  tomorrow's  wireless  innovations 
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Now's  the  time  to  register  for  DEMOmobile  2003:  the  premier  annual  showcase  of  mobile 

and  wireless  technology  innovation.  DEMOmobile  features  never-before-seen  products  and  services, 
and  lets  you  get  up  close  with  the  industry's  leading  thinkers  -  the  ones  who  are  crafting  the  very  future  of 
the  mobile  and  wireless  marketplace. 


This  year  at  DEMOmobile  2003,  we'll  unveil  some  of  the  newest  and  most  innovative  applications 
for  today's  next-generation  networks,  and  you'll  get  a  peek  at  the  plans  of  major  market  players 
such  as  Nokia,  Qualcomm,  France  Telecom,  Intel  and  Microsoft,  plus  major-label  content  players, 
investors,  and  researchers.  We  can't  leak  any  more  details.  But  we  can  tell  you  that  DEMOmobile  2003 
will  unveil  startling,  breakthrough  technologies  that  will  have  the  industry  abuzz. 
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Register  today  at 
www.idgconferences.com/M3ACW 
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Digital  Document 
Security  and  IT: 
Everything  you 
need  to  know. 

Q#  What  are  the  most  significant 
•  digital  copier  security  issues? 

A#  Various  copier  print  controllers 
•  are  actually  servers  that  queue 
and  permanently  store  multiple 
document  files,  providing  administrator 
access  to  the  documents.  At  a 
minimum,  most  digital  copiers  retain 
the  last  document  processed;  some 
even  retain  multiple  documents 
totaling  hundreds  of  pages.  Others 
redirect  print  jobs  when  the  printer  is 
busy  or  jammed,  making  "denial  of 
service"  attacks  possible. 

Q#  How  does  Sharp  protect  the 
•  network  interface? 

A#  The  Sharp  Ethernet  card  allows 
•  administrators  to  restrict 
access  and  disable  unnecessary 
protocols.  With  this  network  card,  the 
Sharp  digital  copier  is  essentially 
protected  by  its  own  firewall. 

Q#  How  can  you  be  sure  that 
•  security  products  actually 
perform  as  claimed? 

A#  The  Common  Criteria 

•  program — administered  by 
the  U.S.  National  Security  Agency  and 
the  National  Institute  of  Standards 
and  Technology— evaluates  security 
solutions.  Products  that  are  validated 
under  the  program  meet  security 
levels  consistent  with  ISO  1 5408 
methodology. 

Q#  How  can  Sharp  improve  IT 
^  security? 

A#  Sharp  offers  print  privacy 
•  solutions  designed  to  restrict 
unauthorized  personnel  from  seeing 
confidential  materials.  Copier  access 
can  be  controlled  and  monitored, 
while  documents  retained  in  printer/ 
copier/scanner/fax  memory  are 
immediately  cleared  to  eliminate 
unauthorized  access. 


sharpusa.com 


be  sharp" 
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Outsourcing  2.0: 
Collaborative  Development 


CORPORATE  IT  is  in  the  middle  of  a 
huge  sea  change.  The  Internet  has 
made  it  possible  to  cut  IT  costs  by 
50%  or  more  by  employing  out¬ 
sourcers  in  jurisdictions  with  low 
labor  costs.  What’s  the  next  wave,  and  what  are 
the  implications  for  corporate  IT  departments? 


The  answer  is  com¬ 
plicated,  but  the  impli¬ 
cations  are  clear:  We’re 
moving  toward  a  new 
model  for  IT  outsourc¬ 
ing,  which  I  call  Out¬ 
sourcing  2.0.  At  the  cen¬ 
ter  of  this  model  are 
new  tools  that  enable 
global  collaborative 
development. 

In  a  few  short  years, 
corporations  are  going 
to  be  paying  big  money 
for  IT  professionals 
who  can  fill  a  hot  new 
job  title:  collaborative 
development  manager. 

This  manager  will  marshal  devel¬ 
opment  teams  dispersed  over  the 
globe  and  tie  them  together  with 
peer-to-peer  (P2P)  tools  to  create 
great  software.  The  result  will  be 
cost  savings  that  exceed  the  off¬ 
shore  model. 

The  tools,  which  are  critical 
connecting  points,  are  here  now. 
The  open-source  community  has 
built  and  leveraged  P2P  developer 
tools  for  years.  Now  Microsoft  de¬ 
velopers  can,  too.  The  company 
is  hosting  an  application  service 
provider  version  of  SourceSafe  on 
www.GotDotNet.com. 

Microsoft  has  also  announced 
collaboration  features  in  the  up¬ 
coming  Whidbey  version  of  Visual 
Studio.  These  features  will  enable 
developer  collaboration  worldwide 
and  signal  that  collaborative  devel¬ 
opment  is  a  trend  —  and  not  mere¬ 


ly  a  fad.  This  is  con¬ 
firmed  by  Mike  Werner, 
director  of  Microsoft’s 
emerging  business  team 
in  Boston.  “Developer 
collaboration  is  promot¬ 
ing  community  at  all 
levels  of  the  software- 
development  ecosys¬ 
tem,”  he  says.  “We  rec¬ 
ognize  that  one  size 
doesn’t  fit  all,  and  we 
have  to  be  flexible  in 
how  we  build  tools  and 
programs  for  this  dy¬ 
namic  segment.”  Trans¬ 
lation:  Developer  collab¬ 
oration  is  a  big,  Web- 
enabled  deal  that  can’t  be  ignored. 

What’s  driving  the  collaboration 
trend,  and  what  does  it  mean  for 
U.S.  corporations?  First,  the  wage 
disparity.  Offshore  compensation 
will  rise,  U.S.  compensation  will 
fall,  or  some  combination  of  the 
two  will  occur.  Direct  collaborative 
development  between  U.S.  IT  man¬ 
agers  and  freelance  offshore  devel¬ 
opers  will  drive  this  trend  further. 

Second,  specialized  service  firms 
such  as  Assembla  are  catering  to 
small  companies  with  bare-bones 
budgets.  Over  time,  these  firms  will 
target  midsize  U.S.  corporations. 
Larger  businesses,  valuing  pre¬ 
dictability  equally  with  cost  sav¬ 
ings,  are  content  with  traditional 
offshore  outsourcing.  But  that  will 
change  as  some  use  a  mixed  model 
and  explore  the  use  of  collaborative 
P2P  development  tools. 


dan  mezick  is  president 
of  New  Technology  Solu¬ 
tions  Inc.,  a  Java  and 
.Net  training  firm  in  North 
Haven,  Conn.  Contact 
him  at  dan. mezick® 
newtechusa.com. 


The  key  to  this  is  that  IT  shops 
stateside  will  need  truly  talented 
IT  pros  to  pull  it  all  together.  Skills 
needed  will  include  four  to  six 
years’  IT  experience,  project  man¬ 
agement  skills  and  solid  business 
knowledge.  I  expect  U.S.  IT  shops 
to  start  looking  seriously  at  train¬ 
ing  IT  managers  to  handle  these 
collaborative  project  tasks.  Al¬ 
ready,  the  most  confident  foreign 
developers  and  the  most  cost-moti¬ 
vated  small  software  start-ups  are 
doing  just  that. 

Astute  IT  pros  with  the  requisite 
skills  will  immediately  get  aligned 
with  these  forces  and  create  a  new 
job  in  U.S.  IT  —  the  collaborative 
development  manager.  U.S.  compa¬ 
nies  that  have  large  IT  shops  might 
begin  looking  at  the  Microsoft 
tools,  experimenting  with  training 
and  deploying  IT  managers  to  ex¬ 
plore  the  potential.  As  the  trend 
gains  momentum,  a  mass  of  late¬ 
comers  will  join  the  game. 

One  aspect  corporations  will 
have  to  manage  is  the  close  work¬ 
ing  relationships  between  IT  man¬ 
agers  and  developers  dispersed 
throughout  the  world  that  will  de¬ 
velop  with  the  help  of  daily  e-mail. 
If  improperly  managed,  there  could 
be  problems  in  these  relationships 
if  and  when  an  IT  manager  departs 
for  greener  pastures.  Expect  IT 
pros  with  a  proven  track  record 
in  this  area  to  become  targets  of 
bidding  wars. 

The  IT  megatrend  toward  collab¬ 
oration  and  P2P  technologies  is  ac¬ 
celerating  worldwide.  Corporations 
that  experiment  now  by  finding  the 
right  people  to  make  the  new  col¬ 
laborative  model  work  will  enjoy 
cost  savings  not  available  by  any 
other  method.  I 
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♦Trends  in  Proprietary  Information  Loss  Survey  (ASIS  2002).  ©2003  Sharp  Electronics  Corporation. 

How  secure  is  your  digital  information? 


Protect  your  information  with  the  Data  Security 
Kit  from  Sharp.  Financial  facts,  personnel  records, 
customer  lists:  networked  copiers/printers  process 
sensitive  information  every  day.  Unfortunately,  their 
hard  drives  can  also  be  accessed  via  the  network, 
contributing  to  $60  billion  worth  of  information 
theft  every  year*  To  protect  this  weak  link  in  your 


y*  Common  Criteria 


corporate  security,  we've  created  our  Data  Security 
Kit.  It's  the  first  copier  and  printer  protection  to 
be  validated  by  Common  Criteria,  a  government- 
sponsored  program,  and  it's  available  only  with 
our  Digital  IMAGER™  series  of  copiers/printers. 
Sharp's  Data  Security  Kit.  Enhanced  information 
protection  at  your  fingertips,  sharpusa.com/security 


Want  to  cut  your  IT  costs  without  sacrificing 
performance?  PRIMEPOWER  Servers  from  Fujitsu. 

■  The  secret  is  out.  PRIMEPOWER™ Solaris™- compatible 
servers  from  Fujitsu® deliver  a  major  breakthrough  in 
price/performance  compared  to  our  more  famous 
competition.  Want  proof?  PRIMEPOWER  servers  offer 
such  an  advantage  that  the  world’s  leading  com¬ 
panies  use  them  to  boost  their  performance.  And  there’s  a 
PRIMEPOWER  server  that’s  right  for  any  application  you  need  — 
from  single  CPU,  rack-mounted  servers  to  enterprise-ready 
systems  that  scale  to  1 28  CPUs  for  unsurpassed  performance  in 
the  data  center. 

Of  course,  it’s  not  just  the  hardware  you’re  buying.  It’s  also 
Fujitsu’s  30+  years  of  experience  supporting  high-perform¬ 
ance,  mission-critical  systems.  We’ve  already  helped  many 
companies  consolidate  their  IT  infrastructures  and  lower  their 
Total  Cost  of  Ownership.  Our  free  white  paper,  The  Why  and 
How  of  Server  Consolidation,  explains  how.  Get  your  copy  at 
www.ftsi.fujitsu.com/ad.  Or  call  (877)  905-3644. 
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Solaris  is  a  trademark  or  a  registered  trademark  of  Sun  Microsystems,  Inc.  in  the  United  States  and  other  countries. 
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Don’t  Panic,  Push  Back 

Worried  about  a  software  audit?  The  worst 
thing  you  can  do  is  panic.  The  best  thing  to 
do,  says  Portland  Public  Schools  CTO  Scott 
Robinson  (left),  is  stand  strong  and  make  your 
case  against  the  vendor  visit.  Page  42 


CRM:  Ready  or  Not? 

Check  out  this  new  book 
to  help  you  rate  your 
company’s  preparedness 
for  embarking  on  a  CRM 
project.  Page  40 


OPINION 

The  True  Costs  of  Software 

A  simple  TCO  analysis  isn’t  enough 
to  figure  out  the  underlying  costs 
of  “free”  software,  says  columnist 
Alan  MacCormack.  Page  44 


market. 

early  low-fare  legends  like  Southwest 
Airlines  Inc.  billed  themselves  as  no- 
frills,  low-tech  and  high-touch  carriers, 
Song  touts  high  levels  of  all  three. 

Promoting  itself  as  the  “all-digital 
airline,”  Song  plans  to  use  a  barrage  of 
in-flight  amenities  and  entertainment 
to  go  head-to-head  with  the  leather 
seats  and  individual  seat-back  satellite 
TV  screens  of  JetBlue  Airways  Corp., 
which  has  been  poaching  with  impuni¬ 
ty  in  Atlanta-based  Delta’s  New  York- 
to-Florida  backyard.  (Song  may  soon 
face  an  additional  competitor  in  a 
planned  low-fare  entry  from  UAL 
Corp.’s  United  Air  Lines  Inc.) 

Song  is  using  a  common-sense 
blend  of  technology  and  people  power 
to  drive  costs  down  and  revenue  up, 
while  functioning  as  a  pilot  project 
for  the  greater  Delta  operation. 

High-Tech  Package 

Song  is  targeted  at  cost-conscious 
leisure  travelers,  taking  over  routes 
from  the  defunct  Delta  Express,  whose 
demise  from  cost  overruns  was  partly 
tied  to  its  low-volume,  119-seat  737-200 
jets.  Song  flies  to  vacation  destina¬ 
tions,  so  far  mostly  in  Florida,  using  a 
fleet  of  199-seat  757s.  (Adding  a  200th 
seat  would  have  required  an  additional 
flight  attendant.) 

Song  took  off  on  April  15,  but  it’s  still 
shaking  out  and  gearing  up  its  opera¬ 
tions.  It  plans  to  entice  travelers  with 
free  seat-back  digital  television  and 
will  offer  movies,  cached  Internet  con¬ 
tent  for  shopping  (uploaded  at  the  end 
of  the  flight),  MP3  audio,  and  video 
games  that  can  be  played  with  other 
passengers  —  all  for  a  price.  It  will  also 
be  the  first  airline  to  sell  brand-name 
food,  snacks  and  drinks  and  accept 
credit  card  payments  in  flight. 

Unfortunately,  the  much-hyped  en¬ 
tertainment  won’t  begin  being  phased 
in  until  October,  and  it  won’t  reach  all 


Delta’s  new  ‘all-digital’  Song  airline  is 
testbed  for  techno  ogy  and  productivity 
improvements.  By  Kathleen  Melymuka 
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36  planes  until  March  2004.  “A  tough 
way  to  start  —  with  a  bunch  of  disap¬ 
pointed  customers,”  says  Mark  Riseley, 
a  Gartner  Inc.  analyst  who  studies  the 
low-cost  airline  industry.  To  counter¬ 
balance  that,  he  says,  Song  needs  to 
lead  on  price  and  service,  and  that’s 
where  its  ability  to  leverage  Delta 
technology  can  make  a  difference 
(see  “The  Delta  Nervous  System,” 
next  page). 

“When  the  business  decision  was 
made  to  launch  a  new  airline,  re¬ 
sources  came  from  all  over:  applica¬ 
tions,  middleware,  engineering,  field 
services.  We  all  rallied, ’’says  John  Jaco¬ 
bi,  vice  president  of  customer  systems 
at  the  airline’s  information  services 
arm,  Delta  Technology  Inc.  “Song  is 
just  as  important”  to  Delta  Technology 
as  Delta’s  main  line  is,  he  noted. 

The  result  is  an  impressive  package 
of  technology  —  from  kiosks  to  bar- 
coded  boarding  passes  —  to  cut  costs, 
improve  service  and  boost  productivity. 

Quick  boarding  is  the  key  to  one  of 
the  biggest  cost-saving  innovations  at 
Song:  the  50-minute  turn.  (A  turn  is 
the  time  it  takes  to  discharge  passen¬ 
gers  and  baggage;  clean  the  plane;  take 
on  new  passengers,  baggage  and  sup¬ 
plies;  and  be  ready  for  take-off.)  “The 
biggest  deal  from  an  efficiency  stand¬ 
point  is  to  keep  the  airplanes  flying,” 
says  Joe  Serratelli,  vice  president  for 
productivity  at  Song.  “That’s  how  com¬ 
panies  drive  revenue.” 

Southwest  achieved  its  envied  cost 
structure  partly  as  a  result  of  turning 
its  737s  in  20  minutes.  Song’s  50- 
minute  turn  is  enabled  by  proprietary 
technology  in  the  air  as  well  as  cre¬ 
ative  use  of  technology  on  the  ground. 
For  example,  at  Song,  the  gate  informa¬ 
tion  screens  double  as  movie  screens 
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’  Technology  is  helping  Song  cut  costs, 
improve  service  and  boost  productivi- 

: '  •  ty  by  offering  the  following  features: 

' 

■  A  dedicated  Web  site  ( www. 
flysong.com )  that  assists  cus¬ 
tomers  in  finding  the  lowest  fares, 
buying  tickets,  checking  in  and 
printing  boarding  passes  at  home 

■  Kiosks  for  automated  check-in 
from  the  airport 

■  An  automated  voice  response 

phone  service  (coming  later  this 
year)  that  will  enable  customers 
to  find  a  flight  and  book  a  ticket 
without  human  intervention 

■  Bar-coded  boarding  passes  that 
facilitate  boarding  and  reassign¬ 
ment  of  passengers  in  the  event 
of  a  flight  cancellation 

■  Gate  information  displays  to 

update  passengers  on  flights, 
stand-by  or  upgrade  status,  and 
weather  at  the  destination,  or 
to  redirect  them  in  case  of  a  gate 
change  or  cancellation 


for  mock  horror  films  like  The  Thing 
That  Wouldn’t  Get  Out  of  the  Aisle. 
“People  chuckle,  but  they  learn  some¬ 
thing  about  how  to  board  more  effi¬ 
ciently,  and  we  pick  up  a  couple  pre¬ 
cious  moments  there,”  says  Serratelli. 
As  a  result,  Song’s  aircraft  spend  23% 
more  time  in  the  air  than  counterparts 
in  Delta’s  main  line. 

Although  Song  and  Delta  share  tech¬ 
nology  resources,  Jacobi  says  there’s 
no  tug  of  war  because  Delta  sees  Song 
as  a  testbed  for  new  ideas.  “Things  that 
work  can  easily  be  scaled  for  Delta,” 
explains  Joanne  Smith,  vice  president 
of  marketing  and  customers  at  Song, 
adding  that  the  50-minute  turn  is  al¬ 
ready  being  considered  for  adoption 
by  the  larger  Delta. 

Technology  can  help  to  keep  a  lid  on 
costs,  but  it  takes  more  to  make  a  suc¬ 
cessful  airline,  Riseley  says.  “The  low- 
cost  airline  industry  is  not  just  about 
delivering  to-the-bone  cost;  it’s  decent 
service  at  to-the-bone  cost,”  he  ex¬ 
plains.  “The  customer  expectation  is 
‘cheap  and  cheerful,’  and  there’s  got  to 
be  equal  emphasis  on  both.” 

For  example,  he  says  that  self-service 
check-in  \  ill  make  a  significant  dif¬ 


ference  —  if  people  use  it.  “But  there 
is  a  hand-holding  part  of  the  process 
where  you  have  to  get  people  used  to 
the  machines,”  Riseley  says. 

Song  understands  that  and  has 
heavily  integrated  people  and  tech¬ 
nology  in  airport  lobbies.  “If  you  just 
throw  kiosks  out  there  and  hope  peo¬ 
ple  will  find  and  love  them,  that  doesn’t 
work,”  Serratelli  says.  “It  works  better 
if  employees  are  there  in  the  lobby 
as  meeters  and  greeters,  directing 
people.” 

This  approach  has  helped  Song  ex¬ 
ceed  its  goal  of  80%  alternative  check¬ 
in  at  some  airports,  he  says. 

Song  isn’t  afraid  to  use  less-sexy 
technology  when  it  makes  sense.  “The 
age-old  problem  for  airports  is  pockets 
of  time  where  we’re  not  busy  and  oth¬ 
ers  where  we’re  getting  clobbered 
[with  crowds].  But  you’ve  got  fixed 
staffing,”  says  Serratelli.  Delta  and 
Song  have  addressed  that  problem  in 
some  airports  with  banks  of  phones 
connected  directly  to  reservations 
agents  who  can  help  customers  check 
in  or  change  itineraries  without  wait¬ 
ing  at  the  counter.  The  result,  he  says, 
is  “fewer  [customers]  standing  in  line, 
and  we  don’t  need  to  have  as  many 
people  on  the  front  end.” 

People  are  the  one  cost  that  could 
scuttle  Song  despite  its  technology, 
Riseley  says.  Because  Song  has  hired 
from  within  Delta,  it  has  the  same  per¬ 
sonnel  costs  as  the  larger  airline  and 
won’t  have  a  cost-cutting  culture  built 
in  from  the  beginning,  as  a  true  start¬ 
up  could.  “Keeping  costs  low  is  not 
just  a  recipe  you  follow,”  he  says.  “It’s 
about  a  philosophy  of  cost  control,  and 
that  has  to  apply  right  across  the  busi¬ 
ness  and  across  the  staff  you  hire.” 

Tech  Competition 

Whether  technology  can  make  enough 
difference  to  keep  Song  in  the  air  is 
difficult  to  answer.  Delta  won’t  divulge 
how  much  it  saves  on  Web  reserva¬ 
tions  and  technology-enabled  check-in 
vs.  person-to-person  transactions.  But 
Riseley  says  a  reservation  done  via  a 
private  Web  site  can  save  $4  per  trip 
segment  (takeoff  and  landing)  over 
one  done  through  a  global  reservation 
system,  and  an  e-ticket  saves  about  $5. 
Trouble  is,  these  technologies  are 
quickly  becoming  standard.  “There’s 
a  lot  of  that  in  travel  already,”  he  says, 
so  they  won’t  offer  much  of  an  advan¬ 
tage  over  rivals. 

How  much  revenue  can  be  gained 
through  in-flight  sales  and  digital  en¬ 
tertainment  is  still  unknown,  but  Rise- 
ley  notes  that  Ryanair.com  Ltd.,  a  low- 
cost  airline  in  the  U.K.,  derives  10%  of 


MWhen  the  busi¬ 
ness  decision 
was  made  to  launch  a 
new  airline,  resources 
came  from  all  over: 
applications,  middle¬ 
ware,  engineering,  field 
services.  We  all  rallied. 

JOHN  JACOBI,  VICE  PRESIDENT  OF  CUS¬ 
TOMER  SYSTEMS,  DELTA  TECHNOLOGY  INC. 

its  operating  revenue  from  hawking 
goods  and  services  during  flights.  “So 
there  is  a  potential  for  ancillary  rev¬ 
enue  to  be  important,”  he  says. 

Song  is  also  planning  to  give  busi¬ 
ness  partners  such  as  American  Ex¬ 
press  Co.  a  shot  at  its  captive  digital 
audience  for  a  fee. 

Song’s  onboard  technology  promises 
to  be  fun.  Whether  it  will  draw  travel¬ 
ers  is  yet  to  be  seen.  Its  cost-cutting 


technologies,  for  the  most  part,  aren’t 
unique,  but  they  are  comprehensive. 

Its  revenue-enhancing  schemes  seem 
like  drops  in  the  bucket,  but  at  low- 
cost  airlines,  every  dollar  counts.  Its 
personnel  costs  are  a  big  challenge,  but 
with  the  smart  use  of  technology,  Song 
seems  to  be  providing  good  service 
with  fewer  people. 

Whether  Song  can  succeed  may 
depend  on  how  you  define  success. 
“Stand-alone  profitability  is  not  the 
only  way  to  measure  success  in  this 
venture,”  said  analyst  Gary  Chase  in  a 
recent  equity  research  report  for  Leh¬ 
man  Brothers  Holdings  Inc.  “The  true 
barometer  of  success  will  be  its  impact 
on  JetBlue.” 

“Song  is  a  defensive  move,”  Riseley 
agrees.  “If  it  maintains  Delta’s  overall 
market  position  and  stops  JetBlue’s  ad¬ 
vance,  that  may  be  enough.”  I 


Melymuka  is  a  Computerworld  con¬ 
tributing  writer.  You  can  contact  her  at 
kmelymuka@yahoo.com. 


The  Delta  Nervous  System 


Song  starts  with  a  leg  up  on  the  competi¬ 
tion  through  its  connection  to  Delta’s  digi¬ 
tal  infrastructure,  known  as  the  Delta 
Nervous  System  (DNS).  Developed  by  the 
airline’s  information  services  arm,  Delta 
Technology,  the  DNS  receives,  stores,  or¬ 
ganizes,  synchronizes  and  distributes  all  the 
data  that’s  essential  to  running  the  airline. 

DNS  communicates  information  in  real 
time  about  thousands  of  daily  “events,” 
ranging  from  a  ticket  purchase  or  board¬ 
ing-pass  scan  to  a  change  in  gate  or  ar¬ 
rival  time.  It  does  this  through  a 
series  of  layers  that  support  dif¬ 
ferent  functions: 

■  The  device  services  layer, 
closest  to  the  customer,  records 
events  and  updates  information.  Compo¬ 
nents  include  reservations  workstations 
and  boarding-pass  scanners. 

■  In  the  next  layer,  information  deliv¬ 
ery  channels  tailor  the  format  of  the  data 
to  suit  the  device  on  which  it’s  displayed, 
from  a  workstation  to  a  gate-side  pas¬ 
senger  information  screen. 

■  Common  application  services  m 
low  application  developers  to  create  new 
software  quickly  and  easily  with  reusable 
tools  and  processes. 

■  The  data  broker  layer  retrieves  bits 
of  data  from  enterprise  databases,  as¬ 
sembles  it  into  packages  designed  for  the 
business  context  in  which  the  information 


will  be  used  and  ensures  that  requesters 
are  authorized  to  see  it. 

■  For  data  storage.  Delta  uses  soft¬ 
ware  from  Oracle  Corp.  on  Hewlett- 
Packard  Co.  Unix  N-class  servers  for  data 
specific  to  particular  business  applica¬ 
tions.  It  uses  DB2  on  IBM  mainframes  as 
the  central  repository  for  operational  data 
such  as  schedules,  flights,  passenger 
bookings,  customer  data,  tickets  and 
seat  inventory.  Teradata  software  on  an 
NCR  Corp.  system  manages  the  corpo¬ 
rate  data  warehouse,  where  in¬ 
formation  is  summarized  for 
trend  analysis  and  forecasting. 
IBM  mainframes  running  the 
Transaction  Processing  Facility 
(TPF)  operating  system,  tailored  for  high¬ 
speed  and  high-volume  transactions, 
manage  operations  and  reservations  sys¬ 
tems.  Other,  non-TPF  mainframe  systems 
run  on  the  OS/390  operating  system. 

The  DNS  uses  middleware,  including 
IBM’s  MQSeries  products  and  Tibco 
Software  Inc.’s  Rendezvous.  Business 
Works  and  Business  Connect,  to  move 
data  from  system  to  system.  Its  home¬ 
grown  integration  platform  can  handle 
feeds  of  information  as  diverse  as  main¬ 
frame  TPltransactions,  business  ^H|| 
cations  and  external  messaging  from 
business  partners. 

-  Kathleen  Melymuka 
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NE  OF  THE  BIGGEST  MYTHS 
about  CRM  is  the  idea 
that  any  company  can 
embrace  it  and  expect  re¬ 
sults.  Well,  that’s  like 
thinking  anyone  can  run 
the  New  York  Marathon. 
Depending  on  your  physical  readiness 
(in  terms  of  weight,  training  and  en¬ 
durance),  you  could  be  months  or  years 
away  from  even  entering,  let 
alone  completing,  the  race. 

Similarly,  a  minimum  “orga¬ 
nizational  readiness  rating” 

(in  terms  of  customer, 
process  and  systems  maturi¬ 
ty)  must  be  in  place  for 
CRM  to  happen  successfully. 

Since  CRM  is  about  iden¬ 
tifying,  retaining  and  increas¬ 
ing  the  profitability  of  your 
best  customers,  something 
every  business  under  the  sun 
ultimately  wants  to  do,  it 
seems  like  the  last  question 
you’d  want  to  ask  is  whether 
CRM  is  for  you.  Unfortu¬ 
nately,  because  you  have  only  a  one  in 
five  chance  of  success,  and  simply  at¬ 
tempting  the  feat  will  cost  $5  to  $15,000 
per  user  per  year,  you  want  to  be  very 
sure  you  can  answer  this  question. 

You  should  be  looking  at  CRM  only 
if  you  have  a  large  number  of  cus¬ 
tomers  (say,  more  than  5,000),  the  typi¬ 
cal  customer  is  worth  a  lot  in  terms  of 


profits,  and  you  have  a  large  sales  staff 
trying  to  sell  complex,  customized 
products  in  multiple  channels  (see 
quiz,  next  page).  If  not,  then  the  costs 
and  disruption  that  CRM  entails  won’t 
be  worth  the  benefits,  and  you  should 
look  to  process  improvements  and 
simpler  tools  like  contact  managers  or 
Web-based  application  services. 

The  key  to  CRM  success  is  to  ana¬ 
lyze  your  company’s  matu¬ 
rity  in  four  areas:  customer 
focus,  process,  systems  and 
people. 

Customer  Maturity 

Most  companies  have  a 
very  good  idea  of  what  it 
costs  to  build  and  ship  a 
product  or  create  a  service 
and  the  overall  revenue 
generated.  But  a  customer- 
focused  company  wants  to 
know  the  following: 

■  Who  is  likely  to  buy  a  given 
product  or  service?  The  an¬ 
swer  would  enable  us  to 
target  prospects  with  a  similar  profile 
and  convert  them  to  customers. 

■  Why  do  customers  leave  for  the  compe¬ 
tition?  The  answers  would  enable  us 
to  fix  the  associated  problems  and  to 
identify  other  customers  facing  similar 
issues  and  prevent  them  from  possibly- 
leaving  as  well. 


or  service,  and  what’s  the  nature  of  their  in¬ 
teractions  with  the  company?  The  answers 
would  enable  us  to  identify  opportuni¬ 
ties  for  cross-selling  and  upselling. 

Customer  maturity  is  therefore  a 
measure  of  how  far  a  company  has 
evolved  from  a  product-based  model 
(moving  products  out  the  door  at  mini¬ 
mum  cost)  to  a  customer-based  model 
(who’s  buying  our  products,  why  do 
they  like  us,  how  can  we  measure  satis¬ 
faction,  why  do  they  leave,  and  how 
can  we  sell  them  more?). 

Companies  with  a  high  level  of  cus¬ 
tomer  maturity  try  to  identify  the  most 
profitable  customers,  quickly  answer 
customer  questions  and  even  talk  to 
ex-customers  to  figure  out  why  they 
left.  These  are  steppingstones  to  CRM 
and  could  result  in  IT  systems  such  as 
a  data  warehouse,  sales  force  automa¬ 
tion,  a  marketing  information  system 
and  a  one-stop  call  center. 

But  each  of  those  evolutionary  steps 
can  take  six  months  to  two  years  or 
more  and  cost  millions  of  dollars  in  the 
process.  So  the  higher  the  level  of  cus¬ 
tomer  maturity,  the  lower  the  barriers 
on  the  road  to  CRM. 

Process  Maturity 

The  ease  with  which  CRM  tools  and 
technology  can  be  absorbed  into  the 
enterprise  is  directly  dependent  on 
how  mature  the  processes  are  in  the 
customer-facing  functions  of  sales, 
marketing  and  customer  service. 

Consider  the  field  of  software  engi¬ 
neering,  where  it  became  readily  ap¬ 
parent  that  the  ability  of  an  IT  organi¬ 
zation  to  absorb  computer-aided  soft¬ 
ware  engineering  tools  was  directly 
dependent  on  the  IT  department’s 
process  maturity.  This  led  to  the  fa¬ 
mous  process  maturity  levels  defined 
by  Watts  Humphrey  of  the  Software 
Engineering  Institute: 

■  Level  1:  Processes  are  “anything 
goes”  and  lack  even  rudimentary  pre¬ 
dictability  of  schedules  and  costs. 

■  Level  2:  Processes  are  stable  and 
repeatable.  There’s  rigorous  manage¬ 
ment  of  commitments,  costs,  sched¬ 
ules  and  changes. 

■  Level  3:  The  organization  has  de¬ 
fined  the  methodology  and  can  consis¬ 
tently  apply  it  with  standard  metrics. 

At  this  point,  advanced  technology  can 
usefully  be  introduced. 

■  Level  4:  The  organization  now  has 
a  foundation  for  continuing  process 
improvement. 

It  doesn’t  take  much  imagination  to 
see  that  those  maturity  levels  could  ap¬ 
ply  equally  well  to  processes  like  sales, 
marketing  and  customer  service.  Cus¬ 
tomer  service  and  order  management 


■  How  do  customers  actually  use  a  product 


Book  Excerpt:  Figure  out  your  ‘organiza¬ 
tional  readiness  rating’  before  starting  a 
CRM  project.  By  Michael  Gentle 


departments  are  by  definition  process- 
oriented.  Sales  and  marketing  depart¬ 
ments,  however,  are  notorious  for  then- 
lack  of  process.  It’s  routine  for  market¬ 
ing  departments  to  have  little  or  no 
idea  of  campaign  effectiveness.  As  for 
sales  reps,  they’re  inherently  individu¬ 
alistic  and  averse  to  rules  —  what 
counts  is  closing  the  deal;  the  “how”  is 
secondary.  Between  first  contact  with 
a  prospect  and  the  closing  of  a  deal, 
black  magic  is  alive  and  well!  So  this  is 
an  enormous  opportunity  to  improve 
sales  and  marketing  processes. 

A  maturing  sales  and  marketing  de¬ 
partment  is  focused  on  metrics  such  as 
the  sales  lead-to-close  ratio  and  the 
sales  cycle  duration.  Such  metrics  are 
inextricably  linked  to  CRM  and  could 
result  in  IT  systems  such  as  sales  force 
automation,  an  order  configurator  and 
interfaces  between  systems  to  elimi¬ 
nate  the  rekeying  of  information. 

Companies  not  yet  at  the  repeatable 
process  stage  will  find  it  extremely  dif¬ 
ficult,  if  not  impossible,  to  implement 
CRM  software,  for  the  simple  reason 
that  there  are  no  processes  to  automate! 
Instead  of  jumping  into  the  deep  end  of 
CRM,  they  should  instead  concentrate 
on  defining  their  basic  processes  and 
gradually  automating  those  processes. 


Systems  Maturity 


Systems  tend 
to  resemble 
the  organizations 
that  build  them. 


Systems  maturity 
is  a  measure  of 
how  far  a  compa¬ 
ny’s  systems  have 
evolved  to  reflect 
its  level  of  cus¬ 
tomer  and  process 
maturity.  The  most  important  measure¬ 
ment  of  systems  maturity  is  the  evolu¬ 
tion  from  islands  of  automation  to  in¬ 
tegrated  systems  that  share  and  pass  in¬ 
formation  across  functional  boundaries. 

A  company  with  a  low  level  of 
systems  maturity  would  have  com¬ 
pletely  disparate  systems  —  and  no  in- 
formation-sharing  —  for  sales,  orders, 
delivery,  billing  and  customer  service. 
An  intermediate  level  of  maturity  would 
have  interfaces  between  some  of  those 
systems,  some  information-sharing  and 
a  partial  view  of  the  customer’s  life 
cycle  activity. 

At  the  highest  level  of  maturity, 
there’s  full  information-sharing  and  a 
full  view  of  the  customer  and  inter¬ 
faces  to  back-office  systems.  Plus,  deci¬ 
sion  support  becomes  part  of  the  land¬ 
scape,  with  transactional  data  consoli¬ 
dated  to  form  a  data  warehouse  (and 
possibly  spin-off  data  marts). 

The  growth  in  systems  maturity  is  a 
long-term  process,  with  key  interfaces 
and  a  data  warehouse  taking  up  to  two 
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The  CRM 
Readiness  Quiz 

Test  your  company’s  maturity 
to  see  if  it’s  prepared  for  a  CRM  project. 


PART  1:  SHOULD  YOU  EVEN  CONSIDER  CRM? 

YES  or  NO 

■  Do  you  have  a  large  number  of  people  (more  than  30)  in  sales  and 
service  in  direct  contact  with  customers? 

■  Are  you  in  a  highly  collaborative  environment,  with  customer  inter¬ 
action  requiring  input  from  multiple  players  in  sales  and  service? 

■  Do  you  sell  complex  products  that  require  a  high  degree  of  configu¬ 
ration  and  customization? 

■  Do  you  have  a  large  number  of  customers  (more  than  5,000)? 

■  Is  a  typical  customer  relationship  worth  a  lot  to  you  from  a  profit 
standpoint  (will  it  cost  you  a  lot  to  lose  one)? 

■  Can  your  customers  interact  with  you  across  multiple  channels? 

■  Do  you  have  frequent  contact  with  large  groups  of  customers,  or  all 
customers,  across  multiple  channels? 

■  Do  you  need  to  customize  what  you’re  saying  to  each  customer 
through  these  channels? 

Scoring:  If  you  have  three  or  fewer  yes  answers,  your  company  isn’t  a 
candidate  for  CRM.  Instead,  consider  simple  tools  like  contact  man¬ 
agers  or  Web-based  applications,  and  fix  the  business  processes.  If 
you  have  four  or  more  yes  answers,  then  score  one  point  and  continue. 

PART  2:  RATE  YOUR  MATURITY  LEVELS 

SCORE 

■  Customer  maturity:  Is  the  same  unique  customer  identifier  (real  or 
cross-referenced)  used  in  at  least  two  of  the  following  systems: 
sales,  ordering,  billing,  customer  service?  Yes  =  2  points 

■  Process  maturity:  Do  you  have  repeatable  processes  in  the  follow¬ 
ing  functional  areas? 

•  Marketing:  Yes  =  2  points  •  Sales:  Yes  =  3  points 

•  Order  management:  Yes  =  1  point  •  Billing:  Yes  =  1  point 

•  Customer  service:  Yes  =  1  point 

Add  the  points  and  enter  the  total  in  the  box. 

a  Systems  maturity: 

Do  you  have  a  data  warehouse  that  consolidates  information  about 
customers  and  products?  Yes  =  3  points 

Do  you  have  an  automatic  interface  between  sales  and  order  man¬ 
agement  (no  double  entry)?  Yes  =  2  points 

Do  you  have  an  automatic  interface  (no  double  entry)  between  cus¬ 
tomer  service  and  at  least  one  of  the  following  systems:  sales,  order 
management,  billing?  Yes  =  2  points 

Add  the  points  and  enter  the  total  in  the  box. 

a  People  maturity:  Are  your  people  sufficiently  motivated  to  embrace 
CRM  concepts  and  tools  because  they're  relevant  to  their  jobs? 

Yes  =  3  points 

■  Start-ups:  Is  your  company  in  start-up  mode  or  less  than  two  years 
old?  Yes  =  -5  (subtract  5  points) 

Scoring:  Add  the  scores  from  Part  2,  plus  the  one  point  from  Part  1, 
and  enter  the  total  here. 

SCORING: 

•  7  points  or  fewer:  Your  company  isn’t  ready  for  CRM.  Concentrate  on  process  improvement  and  simple  tools  like  contact  management  software  or  Web-based  applications. 

•  8-14  points:  Your  company  is  ready  for  CRM,  but  much  more  work  remains  over  the  next  12  to  36  months  before  CRM  will  yield  tangible  benefits. 

•  15-21  points:  This  is  a  rare  occurrence!  Your  company  is  ready  for  CRM  because  of  a  sufficiently  high  level  of  maturity  in  terms  of  customers,  processes,  systems  and  people. 
CRM  is  a  logical  extension  of  what  you  already  do  and  will  yield  benefits  in  as  little  as  12  to  24  months. 


years  or  more  to  accomplish.  But  these 
are  the  building  blocks  for  CRM. 

People  Maturity 

Last  but  not  least,  let’s  not  forget  about 
people,  without  whom  no  process  or 
system  is  going  to  work  anyway.  Peo¬ 
ple  aren’t  going  to  spontaneously  em¬ 
brace  CRM;  they  have  to  be  motivated 
to  do  so. 

Students  of  psychology  and  motiva¬ 
tion  know  about  Maslow’s  triangle, 
which  explains  how  motivation  is 
based  on  personal  and  environmental 
prerequisites,  called  the  “hierarchy  of 
needs.”  You  can’t  ask  people  to  em¬ 
brace  concepts  like  achievement  and 
status  (esteem)  if  they  haven’t  got  the 
basic  prerequisites  of  food  and  shelter 
(physiological).  Similarly,  it  would  be  a 


mistake  to  assume  that  people  will  be 
naturally  motivated  to  embrace  CRM 
just  because  it  makes  sense  and  is  good 
for  the  customer  and  the  company. 
Certain  personal  and  environmental 
prerequisites  will  also  therefore  apply. 

In  the  CRM  hierarchy  of  needs,  peo¬ 
ple  will  be  more  likely  to  be  motivated  to 
take  up  CRM  if  their  job  descriptions  are 
relevant  to  it.  This  would  then  be  made 
even  easier  if  they’re  generally  satisfied 
with  their  careers,  benefit  from  a  good 
working  environment  and  don’t  have 
to  worry  about  losing  their  jobs. 

In  practice,  the  biggest  problems  with 
CRM  motivation  are  caused  by  bolting 
CRM  responsibilities  onto  existing  jobs 
without  redefining  performance  and 
pay.  Think  of  call  center  agents  whose 
performance  criteria  are  rarely  linked 


to  real  customer  satisfaction,  but  to 
throughput  based  on  routine  tasks  with 
little  intellectual  challenge.  A  company 
will  spend  millions  of  dollars  imple¬ 
menting  a  CRM  system,  then  put  it  in 
front  of  call  center  agents  earning  mini¬ 
mum  wage  whose  performance  criteria 
is  based  on  call  quantity  rather  than 
quality.  Another  example  is  in  sales, 
where  it’s  difficult  to  get  top-perform¬ 
ing  salespeople  to  buy  into  CRM  when 
they  associate  it  with  de-skilling  their 
jobs  and  helping  their  managers  look 
over  their  shoulders  and  give  away  the 
best  bits  of  their  territories  to  others. 

It’s  not  sufficient  for  a  company  at 
the  executive  level  to  buy  into  CRM, 
then  preach  the  gospel  to  the  rest  of 
the  people  and  expect  them  to  em¬ 
brace  it,  too.  People  will  only  buy  into 


CRM  when  they’re  motivated  to  do  so 
and  when  they’ve  been  properly 
trained  to  feel  comfortable  with  it. 

While  CRM  can  indeed  be  for  every¬ 
one,  there  are  many  prerequisites  that 
usually  take  a  few  years  to  achieve.  So 
ensure  that  your  company  first  learns 
to  walk  before  it  attempts  to  run.  ► 


Reprinted  with  permission  from  The 
CRM  Project  Management  Handbook, 
by  Michael  Gentle  (Kogan  Page  Ltd., 
2002).  Gentle  is  an  international  CRM 
consultant  based  in  Paris. 
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For  CRM  news,  features  and  resources,  visit 
Comp'Jterworltf  s  Web  site: 
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Worried  about  a  visit  from  the  vendor’s 
software  police?  Remember:  Software 
audits  are  negotiable.  By  Julia  King 


_ 


SHEER,  UNADULTERATED  PANIC. 

That’s  typically  an  IT  manager’s 
first  response  to  receiving  notice 
of  an  impending  audit,  in  which 
a  software  vendor  evaluates 
whether  the  user  is  complying  with 
a  software  license. 

It’s  also  exactly  the  wrong  response, 
one  that  almost  guarantees 
repeat  audits  or  threats  of 
audits  in  the  years  ahead, 
experts  say. 

“What  a  lot  of  companies  that  panic 
do  —  and  this  is  the  worst  thing  you 
can  do  —  is  just  pay,  and  that  payment 
can  be  150%  of  the  original  license  fee,” 
says  Pat  Cicala,  president  and  CEO  of 
Cicala  &  Associates  LLC  in  Hoboken, 
N.J.  “These  same  companies  then  over¬ 
license  for  insurance  so  it  will  never 
happen  again.  These  are  the  same 
companies  that  repetitively  are  target¬ 
ed  for  audits.” 

A  far  better  strategy  is  to  push  back 
and  push  back  hard.  That’s  what  Scott 
Robinson,  chief  technology  officer  at 
Portland  Public  Schools  in  Oregon,  did 
after  getting  an  audit  letter  from  Mi¬ 
crosoft  Corp.  in  March  2002.  The  let¬ 
ter,  which  arrived  at  the  school  dis¬ 
trict’s  busiest  time  of  year,  gave  Robin¬ 


son  60  days  to  complete  an  audit. 

The  cost  of  compliance  and  the  audit 
would  equal  the  cost  of  10  teaching  po¬ 
sitions,  Robinson  says.  It  would  also  be 
nearly  impossible  to  document  many 
of  the  district’s  20,000  devices  scat¬ 
tered  across  125  buildings,  because 
about  6,000  of  the  machines  were  do¬ 
nated.  Robinson  responded 
quickly  and  decisively. 

“I  told  them  I’ll  unplug 
every  device  [running  Microsoft]  and 
reimage  it  with  Linux  and  bring  it  back 
online,”  he  recalls.  “They  didn’t  believe 
me.”  But  after  Robinson  proceeded  to 
convert  five  school  computer  labs, 
each  with  30  machines,  to  Linux,  “we 
garnered  the  attention  of  the  vice  pres¬ 
ident  of  Microsoft’s  education  seg¬ 
ment,”  he  says. 


FAST  FACTS 

of  businesses  consider  them¬ 
selves  as  being  at  high  risk  for 
noncompliance  with  software  licenses. 

admit  that  they’d  find  it  diffi¬ 
cult  to  prove  ownership  of  all 
the  software  they  have  installed. 

BASE:  Survey  of  2,500  businesses  of  a!i  Sizes 


Ultimately,  Microsoft  backed  down 
and  even  invited  Robinson  to  speak  on 
audits  and  customer  relations  at  a  con¬ 
ference  for  its  salespeople. 

“It’s  not  that  we  don’t  want  to  be 
compliant,”  Robinson  says.  “It’s  just 
that  it  should  be  about  working  with 
the  customer  to  ensure  compliancy, 
rather  than  just  demanding  it.” 

Mark  Paris,  director  of  in¬ 
formation  systems  at  Klein- 
felder  Inc.,  a  San  Diego-based 
construction  management 
and  engineering  services 
company,  negotiated  his  way 
out  of  a  software  audit  pro¬ 
posed  by  Oracle  Corp.  The 
vendor  had  lumped  together 
three  or  four  reasons  for  an 
audit,  including  Kleinfelder’s 
growth  as  a  company  and  its 
distribution  of  Oracle  reports 
to  internal  users  not  licensed  on  the 
software.  Oracle  also  suggested  to 
Paris  that  it  was  in  Kleinfelder’s  best 
interest  to  change  to  a  different,  more 
expensive  software  licensing  model. 

But  Paris  balked  and  insisted  on  ad¬ 
dressing  each  of  the  vendor’s  issues  in¬ 
dividually.  “Their  goal  is  to  have  you 
look  at  this  huge  thing  and  put  fear  in 
your  heart.  But  when  the  whole  foot¬ 
ball  team  is  running  at  you  at  the  same 
time,  you  have  to  take  them  on  one  at  a 
time,”  he  says. 

Lor  example,  “on  the  growth  issue,  I 
agreed  that  we  were  growing,  but  it 
didn’t  make  sense  to  change  licensing 
models  just  yet,”  he  recalls.  “I  also  dug 
my  heels  in  on  the  reporting  issue,” 
which  Oracle’s  legal  department  ulti¬ 
mately  dropped.  In  the  end,  Paris  says, 
“when  we  dealt  with  the  issues  indi¬ 
vidually,  there  was  no  reason  on  Ora¬ 
cle’s  behalf  to  pursue  its  strong-arm 
tactic  of  pursuing  an  audit.” 

Still,  generally  speaking,  companies 
should  expect  and  plan  for  software 
vendors  to  exercise  their  audit  rights 
more  aggressively  and  more  frequent¬ 
ly,  warns  Jane  Disbrow,  an  analyst  at 
Gartner  Inc. 

“Part  of  the  reason  is  the  downturn 
in  the  economy.  If  you’re  out  selling  a 
lot  of  new  products,  you  don’t  have 
time  to  do  audits.  If  you’re  not  making 
revenue,  the  best  thing  vendors  can  do 
is  see  if  they  can  get  revenue  by  mak¬ 
ing  sure  current  customers  are  living 
up  to  licensing  agreements,”  she  says. 

If  an  audit  is  inevitable,  Disbrow 
advises  companies  to  designate  key 
personnel  who  know  about  business, 
licensing,  security  and  technical  issues 
to  deal  with  all  vendor  audit  requests. 
This  cross-functional  team  should  in¬ 
clude  representatives  from  the  IT,  pro¬ 


curement,  legal  and  internal  audit  de¬ 
partments  who  can  gather  all  internal 
data  on  license  deployment  and  deter¬ 
mine  upfront  the  minimum  security 
safeguards  necessary  before  allowing 
third-party  access. 

Experts  agree  that  the  best  way  to 
deal  with  a  software  audit  or  even  the 
threat  of  one  is  to  have  a  good  asset 

management  program,  which 
works  to  dissuade  vendors 
from  targeting  your  company 
in  the  first  place. 

“A  good  program  is  one 
that  includes  policies,  proce¬ 
dures  and  disciplinary  stan¬ 
dards;  ongoing  training;  on¬ 
going  user  awareness;  meth¬ 
ods  to  prevent  illegal  activity, 
such  as  monitoring,  filtering 
or  other  technical  measures; 
and  making  sure  that  all 
users  sign  off  on  that  policy,”  says 
Donna  Johnson  Edwards,  a  consultant 
at  Tenax  Inc.,  a  Richmond,  Va.-based 
company  specializing  in  IT  compli¬ 
ance  and  asset  management. 

In  contrast,  she  says,  “a  lame  pro¬ 
gram  is  a  company  handbook  that  gets 
handed  to  the  employee  when  they’re 
hired  and  never  gets  revisited.”  I 


THE  AUDITORS  ARE  COMING! 

Revenue-hungry  software  vendors  are  clamping  down 
on  license  compliance  and  threatening  more  audits: 

QuickLink  39183 
www.computerworld.com 


WHEN  PUSH 
COMES  TO  SHOVE 

Tips  for  surviving  a  software 
audit  (or  the  threat  of  one): 

■  Push  back.  Immediately  begin  assem¬ 
bling  your  case  for  why  an  audit  is  un¬ 
warranted. 

■  Negotiate  all  issues  individually. 

■  Designate  a  specialized  team  to  deal 
with  all  vendor  requests. 

■  Check  with  all  administrators  for  regis¬ 
tration  certificates,  paper  licenses  and 
documentation  that  may  be  stashed  in  file 
cabinets  and  drawers  scattered  through¬ 
out  the  company. 

■  Check  with  your  reseller,  which  is  typi¬ 
cally  responsible  for  keeping  records  of 
all  software  licenses  distributed  to  its 
customers. 

■  Establish  upfront  minimum  security 
standards  and  safeguards  before  allow¬ 
ing  third-party  access  to  your  systems. 

■  Insist  that  the  vendor  pay  for  the  audit. 

■  Get  legal  advice  as  necessary. 


SCOn  ROBINSON 

got  Microsoft  to 
back  down  on  its 
audit  threat. 


SOURCE:  TENAX  INC.,  RICHMOND.  VA. 


See  disparate  data  united. 

See  old  and  new  become  one. 
See  bits  of  data  become  insight 


Introducing  IBM  DB2  Information  Integrator  -  the  brand-new  software  that  turns  everything  in  its  path  into 
insight  and  opportunity:  rows  and  columns,  video  and  e-mail,  audio  and  Web.  It  works  wherever  your 
data  lives:  Oracle,  Microsoft  or  IBM.  It  works  in  real  time,  across  platforms:  Linux,  Windows,  UNIX.  Insight 
is  yours.  On  demand.  Faster  than  ever.  For  a  DB2  Information  Integrator  Kit,  visit  ibm.com/db2/integrate 

(©business  qn  demand  software 


IBM.  DB2.  the  e-business  logo  and  e-business  on  demand  are  registered  trademarks  or  trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and-  or  other 
countries  Linux  is  a  registered  trademark  ot  Linus  Torvatds  Microsoft  and  Windows  are  registered  trademarks  of  Microsoft  Corporation  in  the  United  States  .and.'or. other  countries. 
UNIX  is  a  regislered  trademark  of  The  Qpen  GroCip  in  the  United  States  and/or  other  countries  Other  company,  product  and  service  names  maV  be  trademarks  or, servic’fe  marks  of  others. 
2003  IBM  Corporation  All  rights  reserved., •  .  .  • </'  '  V  /  y’? 'V -V; 1 
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Since  the  Sept.  11 
attacks,  the  New 
York  Board  of  Trade 
has  been  working 
out  of  its  backup 
facility.  But  next 
month,  it  will  move 
into  a  state-of-the- 
art  trading  floor  in 
Long  Island  City, 
Queens,  designed 
by  consultancy  Business  Technology 
Partners  Inc.  in  New  York.  For  the 
past  six  years,  CEO  JOSHUA  AARON 
and  his  firm  have  been  providing  vir¬ 
tual  CTO  teams  that  execute  myriad 
network,  systems  and  software  proj¬ 
ects  for  companies  that  need  to  pick 
up  and  move  their  IT  operations. 
Aaron  spoke  with  Computerworld’s 
Jean  Consilvio  about  what  he’s 
learned  over  the  years. 


Can  you  give  some  tips  for  success¬ 
ful  IT  relocation?  It’s  one  of  those 
adages  where  every  hour's  worth  of  plan¬ 
ning  can  save  hundreds  of  thousands  of 
dollars.  You  should  conduct  a  thorough 
needs  analysis  upfront  Don't  be  afraid  to 
bring  on  the  resources  a  company  needs 
to  complete  that. 

■  If  you  take  on  a  major  relocation 
project,  it's  very  large  and  extra  to  [an  IT 
staffs]  normal  job  responsibilities,  plus  it 
isn't  something  they  do  every  day.  It’s  bet¬ 
ter  to  bring  in  help  from  qualified  profes¬ 
sionals. 

■  Get  your  communications  lines  and 
circuit  orders  in  early  so  they  can  be  iden¬ 
tified.  One  of  the  longest  lead  items  in  re¬ 
locating  is  WAN  and  public  switch  tele¬ 
phone  connectivity  for  new  offices. 

s  Make  sure  that  someone  from  your 
[IT]  team  is  on-site  every  day  during  con¬ 
struction  to  make  sure  things  are  being 
built  out  the  way  you  want  them  to  be. 

What  are  the  biggest  mistakes?  A  lot 

of  times  [companies]  don’t  do  an  ade¬ 
quate  job  upfront  of  meeting  with  their 
business  end  users  and  getting  all  their 
requirements  documented  so  they  can 
plan  the  project.  They  wind  up  making  too 
many  changes  during  the  construction 
penod ...  and  costs  start  to  spiral.  Also, 
not  identifying  long  lead-time  items  up- 
'  :rt  including  mechanical  systems  for 

'  elemental  cooling  and  air  conditioning 
tor  technology  rooms,  or  backup  power 
supplies.  And  probably  the  biggest  mis¬ 
take  is  not  providing  enough  end-user 
training  and  setting  the  proper  expecta¬ 
tions  about  their  new  environment. 
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ALAN  MacCORMACK 


The  True  Costs 
Of  Software 


OW  MUCH  DOES  “free”  software  really 
cost?  That  question  remains  at  the  heart 
of  decisions  made  by  CIOs  and  other 
technology  leaders  trying  to  decide  on 
the  software  and  associated  hardware 
that  will  lead  them  into  the  future. 

Advocates  of  Linux  and  other  open-source  products 
sometimes  argue  that  because  the  software  is  distrib¬ 


uted  free  of  charge,  it’s  self- 
evident  that  it’s  more  fi¬ 
nancially  attractive  than 
proprietary  products  from 
companies  like  Microsoft, 

IBM,  SAP  or  Oracle.  IBM, 
which  is  increasingly  push¬ 
ing  its  support  of  Linux, 
suggests  that  a  consensus 
is  emerging  that  the  total 
cost  of  ownership  (TCO) 
of  Linux  is  significantly 
lower  than  similar  costs  for 
competing  proprietary  op¬ 
erating  systems  (although 
it  doesn’t  appear  to  extend 
this  argument  to  other  open-source 
software  that  competes  with  its  own 
revenue-producing  software). 

Journalistic  accounts  of  the  spread 
of  open-source  also  tend  to  assume 
that  the  price  difference  is  a  critical 
competitive  advantage.  “Because  it  is 
free,”  declared  a  recent  Business  Week 
cover  story,  “Linux  is  undercutting  Mi¬ 
crosoft  much  the  way  Microsoft  has 
gutted  its  rivals  with  lower  prices  for 
the  past  two  decades.”  Yet  anyone  who 
looks  into  the  problem  of  measuring 
the  TCO  of  software  quickly  recog¬ 
nizes  how  murky  this  field  can  be. 
“Free,”  it  turns  out,  doesn’t  necessarily 
mean  cheaper. 

To  assess  the  merits  of  these  various 
claims,  I  recently  reviewed  a  large 
sample  of  publicly  available  articles 
that  purported  to  address  the  TCO  of 
different  server  operating  systems. 


The  fust  fact  to  emerge 
was  that  most  of  the  84  dif¬ 
ferent  documents  I  re¬ 
viewed  couldn’t  even  be 
considered  studies  —  they 
didn’t  capture  sufficient 
data  on  the  full  range  of 
costs  needed  to  evaluate 
TCO,  and  they  often  based 
their  conclusions  on  the 
analysis  of  results  from 
only  a  single  company’s 
experiences.  Yet  the  hand¬ 
ful  of  studies  that  were 
more  comprehensive  re¬ 
vealed  that  the  issues  sur¬ 
rounding  software  TCO  are  more 
complex  than  is  typically  portrayed. 

To  begin  with,  it  appears  that  the 
price  of  software  itself  —  whether  it’s 
free  or  not  —  is  so  low  relative  to  the 
TCO  that  it  may  have  little  impact  on 
the  outcome  of  IT  investment  deci¬ 
sions  for  many  purchasers.  In  most 
cases,  the  price  of  software  proved  to 
be  less  than  10%  of  the  TCO. 

Where  costs  do  become  significant 
for  all  types  of  software  is  in  the  level 
of  staffing  needed.  By  staffing,  I  mean 
the  training,  maintenance,  support,  ad¬ 
ministration  and  other  personnel  costs 
necessary  to  run  the  software  package 
efficiently.  These  costs  can  add  up  to 
as  much  as  50%  to  70%  of  a  software 
system’s  TCO  over  its  useful  life. 

Yet  even  staffing  costs  vary  greatly 
depending  on  what  type  of  workload 
is  placed  on  the  software  and  what 


sort  of  tools  the  software  provides  for 
users.  For  example,  one  study  that 
compared  the  TCO  of  Windows  and 
Linux  for  different  server  workloads 
found  that  the  Microsoft  product’s 
TCO  was  lower  for  networking  appli¬ 
cations  but  more  expensive  for  Web¬ 
serving  applications.  In  sum,  how  a 
company  uses  its  software  tells  you  a 
lot  more  about  TCO  than  the  sticker 
price. 

The  fact  that  people  use  software 
in  different  ways  also  points  to  one  of 
the  problems  in  using  a  simple  TCO 
analysis  to  make  purchasing  decisions. 
Too  often,  it’s  assumed  that  the  soft¬ 
ware  packages  being  compared  pro¬ 
vide  essentially  the  same  sets  of  bene¬ 
fits  to  users.  But  specific  products  and 
features  that  are  vital  to  some  users 
will  obviously  increase  a  particular 
software  package’s  value  relative  to 
other  packages.  Furthermore,  a  soft¬ 
ware  package  that  provides  more  ap¬ 
plications  and  choices  for  users  brings 
with  it  additional,  often  unmeasured, 
value.  A  CIO  must  therefore  be  careful 
to  examine  the  differences  in  both  cost 
and  value  to  make  an  effective  invest¬ 
ment  decision  for  any  type  of  software 
platform. 

A  company  must  understand  what  it 
expects  from  its  software  as  it  weighs 
the  decision  about  whether  to  em¬ 
brace  open-source.  Fortunately,  more 
companies  are  approaching  the  TCO 
issue  in  this  way.  Instead  of  just  look¬ 
ing  at  the  price  of  software,  they’re  do¬ 
ing  thorough,  company-specific  exam¬ 
inations  of  how  the  software  will  be 
used,  by  whom  and  for  what  purpose. 
Those  sorts  of  questions  ought  to 
bring  a  CIO  much  closer  to  what  his 
true  costs  are  —  and  deliver  a  healthy 
dose  of  realism  to  the  debate  about 
“free”  software.  I 
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See  it  fixed  before  it’s  broken. 

See  the  problem  before  it  occurs. 
See  IT  and  business  goals  as  one. 


Tivoli  software 
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Tivoli  Intelligent  Management  software.  It  s  here  now:  software  that  self-configures,  self-heals, 
self-optimizes  and  self-protects.  On  demand.  With  Tivoli,  on  demand  business  is  more  manageable 
than  ever.  You’ll  spend  less  time  worrying  about  mundane  tasks  and  more  time  on  important  things  — 
like  business  results.  For  a  customized  analysis  of  how  Tivoli  can  help  you,  visit  ibm.com/tivoli/seeit 


IBM  Tivoli,  the  e  business  logo  and  e  business  on  demand  are  registered  trademarks  or  trademarks  ot  International  Business  Machmes  Corporator!  it « 
2003  IBM  Corporation  Al  rights  reserved. 
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MARKETPLACE 


•  Wireless  Application  Protocol 

•  Boot-P  support 

•  Accessible  terminal  block  for  hardwire 
capability 

•  Event  configuration 

•  E-mail  notification 

•  Vertical  mounting,  requiring  zero  'U' 
of  space 

•  Remotely  manage  outlets  by  turning 

J_Reguires  separate  control _ - _ _ 


outlets  on/off  or  rebooting  connected 
equipment 

•  Built-in  Ethernet  interface*  for  direct 
connection  to  the  LAN 

•  MD5  authentication  security 

•  Power-up  sequencing  lets  you  configure 
the  sequence  in  which  power  to  outlets  is 
turned  on  or  turned  off. 


Every  product 
carrying  this  mark 
has  been  tested  and 
certified  for  use  with 
InfraStruXure* 
architecture.  Before 
you  buy,  check  for  the 
X  to  guarantee 
product  compatibility. 


Enter  to  WIN  a  FREE  APC  MasterSwitch™  today. 

Visit  Imp^/prornojipcxoni  Key  Code  m704y  •  Call  888-289-APCC  x6607  •  Fax  401-788-2797 

’52003  American  Power  Conversion  Corporation.  All  Trademarks  are  the  property  of  their  owners.  E-mail,  esupport@apcc.com  •  132  Fairgrounds  Road.  West  Kingston.  Ri  02892  USA 
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Reboot.,  with  no  'U'  there. 

Control  power  remotely  with  APC  s  space-saving  0  "U"  MasterSwitch M 

Control  power  to  your  valuable  connected  network  devices  using  MasterSwitch's  remote  on/off/reboot 
capability.  Ideal  for  any  situation  where  rebooting  or  power  cycling  is  required  of  equipment  or  “locked-up" 
servers.  The  MasterSwitch  mounts  vertically,  requiring  zero  U  space,  leaving  you  with  more  room  for  your 
network  equipment.  Trust  your  remote  management  needs  to  the  leader  in  power  protection:  APC.  To  learn 
more  today  visit  us  online  at  www.apc.com 

OPTIMIZED  FOR  MANAGEMENT  AND  CONTROL 


With  over  15  million 
satisfied  customers,  APC's 
Legendary  Reliability* 
guarantees  peace  of  mind. 


Legendary  Reliability* 
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BE  NOTIFIED  BEFORE  CRITICAL  EVENTS  TURN  INTO  DISASTER! 


•  Eight  environment  inputs 

•  Power  sensing 

•  Monitors  64  IP  addresses 

•  Send  alerts  to  64  people 

•  8  methods  of  contact 

•  Calendar  scheduling 

•  Expands  to  256  sensors 

•  Remote  power  control 
»  Optional  camera 


The  Sensaphone  IMS-4000  Infrastructure 
Monitoring  System  monitors  critical 
environmental  and  network  elements  in  your 
server  room,  data  center,  or  telecomm 
installation  and  reports  to  you  instantly 
when  events  threaten  your  infrastructure. 

The  IMS-4000  keeps  watch  so  you  don't 
have  to. 

See  these  features  and  more  on  the  web  1 
at —  www.sensaphone.com/ims-4000.html 


Tel:  610.558.2700 

Phonetics,  Inc. 

Fax:  610.558.0222 

877-373-2700 

901  Tryens  Road 

www.sensaphone.com 

Aston,  PA  19014 

Reach  Respected  IT  Leaders  in 

COMPUTERWORLD  ^ 
Marketplace  Advertising  Section 

The  Computerworld  Marketplace  advertising  section  1 
reaches  more  than  1.8  million  IT  decision  makers  every 
week.  Marketplace  advertising  helps  Computerworld 
readers  compare  prices,  search  for  the  best  values,  i; 
locate  new  suppliers  and  find  new  products  and  services 
for  their  IT  needs.  I  | 


To  advertise,  call  212-655-5111 
or  email  print@ven.com 
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Programmer  Analysts  Green¬ 
wich  Village  Fish  Co.  Inc.  has 
openings  for  Programmer 
Analysts  for  Iocs  in  NY.  Analyze, 
dsgn,  dvlp,  test  &  implmt  s/ware 
&  web  based  applies  using  MS 
Access,  MS  SQL,  ASP,  XML, 
HTML/DHTML,  C++,  VB  Script, 
Jscript,  Netscape  Composer, 
Tango  Creator,  &  Visual 
InterDev.  Pos  req  Bach  in  Elec. 
&  Comp  Eng  or  Comp  Sci  w/2 
yrs  exp.  Must  have  legal  author¬ 
ity  to  work  in  US.  Excellent  pay 
&  benefits.  Email  resume 
w/proof  of  work  status  to: 
apply@citarella.com 


Unix  Systems  Analyst: 
SunManagement 
Center,  BMC  Patrol 
on  a  Sun/Solaris  plat¬ 
form.  Experience  with 
Application  readiness 
service.  Please  send 
resumes  to  ahilenski 
@sigconsult.com. 


Amtex  provides  high-quality 
end-to-end  software  solutions. 
We  need  IT  professionals  work 
on  SADI,  WC,  and  EDB  system 
with  Rational  Rose,  JAVA  with 
STRUTS  framework,  Data 
Access  Objects  to  access 
Stored  Procedures  written  in 
COBOL.  Contact: 
info@amtexsystems.com.  EOE 

Picobyte  Consulting  is  looking 
for  programmer/system  ana¬ 
lysts,  software/project  engi¬ 
neers.  We  require  BS/MS  with  at 
least  1-year  experience  in  the  IT 
field.  Strong  skills  in  EJB, 
Oracle,  VB,  SAP,  Java,  SQL  pre¬ 
ferred.  Send  resumes  to  1500  S. 
6th  St.  Ste.  B,  Springfield,  IL 
62703.  EOE. 


PROGRAMMER  ANALYST  - 
Analyze,  design,  program, 
implement,  support  advanced 
computer  applications  utilizing 
Java-based  CORBA,  Swing, 
Java,  Java  Script,  XML,  HTML, 
Weblogic  application  server 
under  UNIX  and/or  Windows 
operating  environment  for 
client/server  and/or  internet- 
related  applications.  Respon¬ 
sible  for  migration  issues  con¬ 
verting  from  BOA-based 
CORBA  to  POA-based  CORBA 
&  integration  of  enterprise  sys¬ 
tems  &  legacy  systems.  Req. 
Bachelors  in  Comp.  Sci.,  MIS,  or 
Engg  (any  field)  plus  2  yrs  exp. 
Contact:  International  Systems 
Technologies,  Inc.,  1812  Front 
Street,  Scotch  Plains,  NJ  07076. 


Snake  Eye  Inc.  (Houston,  TX)  is 
seeking  Database  Administrator. 
6  mon.  exp.  using  Visual 
InterDev  6.0,  Frontpage, 
Photoshop  6.0,  and  Oracle. 
Send  resume  to  9300C  Harwin 
Dr..  Houston,  TX  77036  or  713- 
278-9588(F).  Attn:  Mike. 
Southern  Chinese  Newspaper 
Publishing  Co.  (Houston,  TX)  is 
seeking  computer  programmer. 
6  mon.  exp.  using  Chinese 
Windows.  Send  resume  to 
11122  Bellaire  Blvd,  Houston, 
TX  77072  or  281-498- 
2728(F)/281  -498-431 0(T).  Attn: 
Jean  Lin. 


Software  Engineer.  Research,  de¬ 
sign,  develop,  install  microproces¬ 
sor-based  soil-testing  unit  software 
systems,  including  fund,  specs, 
high-level  design,  prototype  prep., 
board  design  &  layout.  Analyze 
software  reqs.  Hardware  prod.  dev. 
Pacal,  C++,  Assembler  prog.  Mod¬ 
ule  &  unit  testing.  Reqs:  Master’s  or 
foreign  equiv.  in  Mngmnt  Info. 
Systems  or  Comp.  Sci.  &  4  yrs  exp. 
as  Software  Eng.,  Comp.  Prog.,  or 
Software  Dev.  Exp.  which  may 
have  been  obtained  concurrently 
must  include  4  yrs  exp.  in  C++, 
Pascal,  Assembler.  EOE.  40 
hrs/wk.  Send  resume  to  Sasha 
Kron,  Kron  Management  Consult¬ 
ing,  Inc.,  1120  Coronation  Drive, 
Dunwoody,  GA  30338. 


IT  Positions  -  Oracle, 
VB/ASP  Access,  C/C++, 
Visual  C++,  Cobol,  J2EE 
Framework,  Java  Script, 
HTML,  DB2,  Unix,  Web 
Interface,  IMS,  CICS,  IBM 
mainframe,  TeamCenter 
Enterprise,  Matlab.  Send 
resume  to  EASi 
Engineering,  1551  E. 
Lincoln  Ave.,  Madison 
Heights,  Ml  48071,  or  email 
to  Recruiter@easiusa.com. 
Must  include  Ref 
#:SP0803IT.  No  calls.  EOE. 


Applesoft,  Inc.,  seeks 
qualified  software  devel¬ 
opers  and  analysts  for 
projects  in  Taylorsville, 
Utah  &  other  locations  in 
the  US:  B.S.  +  2  yrs  exp. 
Send  resume  to  HR, 
721  W.  Sunny  River 
Rd.,  #428,  Taylorsville, 
UT  84123. 


Corpus  has  multiple  openings 
for  IT  professionals.  Following 
skills  preferred:  Oracle,  SQL, 
PL/SQL,  COBOL,  C/C++,  VB, 
SAP,  Java,  XML,  ERP,  ASP,  NT, 
XSL.  Minimum  BS  degree. 
Traveling  is  required  for  some 
positions.  Please  send  resumes 
to  info@corpuslnc.com.  EOE. 

Aluminum  Blanking  has  open¬ 
ings  for  system  or  programmer 
analyst  responsible  for  Oracle 
database  administration  & 
Intranet  management.  Candi¬ 
dates  must  have  BS  with  exp.  in 
Oracle  DBA.  We  offer  competi¬ 
tive  wage  with  full  benefits. 
Please  contact: 
landerson@albl.com.  EOE 


Programmer  Analyst:  Ana¬ 
lyze,  dsgn,  dvlp,  implmt,  test, 
document  &  maintain  s/ware 
applies  using  MTS,  DTS, 
COM/DCOM,  XML/  XSLT, 
Business  Objects,  Crystal 
Reports  ASP,  Java,  VBScript, 
RDS,  IIS  Administration, 
Erwin,  C,  C++  &  InstallShield. 
Bach  in  Engg  or  its  foreign 
academic  equiv  +  2yrs  exp  in 
job  offd.  Res:  Office  Mgr, 
Artilligence,  4142  Ogletown- 
Stanton  Rd,  #230,  Newark, 
DE  19713.  Fax:  603-372- 
2771. 


Transportation  co.  in  Chicago,  IL 
involved  in  tank  container  leas¬ 
ing  looking  for  Sr.  IT  Manager  for 
Tank  Div.  Qualified  candidate 
will  manage  functional  technical/ 
business  operations  of  IT  Div. 
Manage/  implementation  of 
new/enhanced  0.0.  Client 
Server  applic.  used  for  co.’s 
tracking/billing  systems.  Adm. 
specialized  systems  applic. 
throughout  regional  offices. 
Supv./train  professionals  in  IT 
projects.  Prev.  exp.  must  include 
technical  analysis,  design, 
development  &  supervision  of  IS 
conversion  projects  as  applied 
to  tank  leasing  or  transportation 
industry  combined  w/operational 
mngmt.  exp.  Computer  tools/ 
skills  required-exp.  w/any  3  of 
the  following:  Legacy,  Forte, 
Crystal,  Oracle,  NT  Server, 
People  Soft  plus  at  least  6 
months  experience  with  Java, 
SQL  Server,  Business  Objects  & 
Great  Plains.  Bachelors  (U.S., 
foreign  or  equiv.  training,  edu.  & 
exp.)  in  Bus.  Adm.,  MIS  or 
Comp.  Sci.  w/3  yrs  exp.  in  job 
offered  or  as  a  Project  Manager, 
Business  Support  Analyst  or 
System  Analyst.  Send  Resumes 
via  email  to  Union  Tank  Car 
Company  at  reauit@marmon.com. 
No  calls  please. 


Systems  Analyst  wanted  by 
MLCO.  Manage  day-to-day 
operation  of  e-commerce  appli¬ 
cation  sys.;  coordinate  with  pro¬ 
ject  managers  to  develop  strate¬ 
gic  enhancements  and  translate 
custom  business  rules  into  fea¬ 
sible  technical  solutions;  respon¬ 
sible  for  design,  development, 
testing  and  deployment  of  all 
enhancements  to  multi-tier  e- 
commerce  application  &  design 
and  implementation  of  custom 
integration  solutions  with  busi¬ 
ness  partners;  upgrade  applica¬ 
tion  level  security;  collaborate 
with  technical  team  to  integrate 
application  with  existing  func¬ 
tionality  of  legacy  sys.  Requires 
a  BS  in  Comp.  Sci.  &  2  yrs  exp. 
in  application  development  &  e- 
commerce  consulting  &  data¬ 
base  admin.  &  expertise  in  BEA 
WebLogic  Server  8.1  &  J2EE 
Application  development  & 
Microsoft  SQLServer  2000. 
Respond  to:  Mike  Kunz,  Michael 
Lewis  Co,  201  Mittel  Drive, 
Wood  Dale,  IL  60191. 


Assistant  Network  Administrator 
Administer  Novell  Netware, 
Macintosh  Apple  Share  IP 
Server,  Email  Server,  Microsoft 
SQL  Server,  Microsoft  IIS  & 
Java  2  Enterprise  Ed.  Server. 
Program  web  appli.  in  ASP.  JSP, 
&  Java.  Database  design  & 
analysis  in  Microsoft  SQL 
Server,  Visual  dBase,  mySQL,  & 
Microsoft  Access.  B.S.  in  CS  or 
rel.  &  abil.  to  use  C++,  HTML, 
Java,  ASP,  JSP,  mySQL,  CFML, 
UNIX,  Linux,  VB.  Scheme, 
ColdFusion  Studio.  40hr/wk.  9- 
5.  Send  resume  to:  Ms.  Cindra 
Tan,  VP  Finance,  Bennett  Kuhn 
Varner,  Inc.,  2964  Peachtree 
Road,  Ste.  700,  Atlanta,  GA 
30305 


Portal  Content  Analyst  -  Re¬ 
sponsible  for  analyzing,  evaluat¬ 
ing  and  developing  content  for 
Spanish  portal  (website)  of 
BellSouth.net.  Master's  degree  in 
Computer  Science,  Computer 
Information  Systems  or  related 
field  required  and  one  year  expe¬ 
rience  in  systems  and  web  con¬ 
tent  analysis  OR  Bachelor's 
degree  in  stated  fields  and  three 
years'  of  stated  experience. 
Must  be  fluent  in  Spanish. 
Please  forward  resume  to  Attn: 
Lisa  Burlingame,  BellSouth, 
2247  Northlake  Parkway,  Suite 
800,  Tucker,  Georgia  30084. 
Please  do  not  email  or  fax 
resumes.  EOE, 


SENIOR  PROGRAMMER  ANA¬ 
LYST:  (Retirement  Products  & 
Services)  Participate  in  projects 
leading  to  the  analysis,  design, 
enhancement  and  modification 
of  financial,  business  and  man¬ 
agement  systems,  applications 
and  programs.  Respons. 
include:  analyzing  pertinent 
data,  information  and  modes  of 
operation;  evaluating  existing 
and  proposed  systems;  translat¬ 
ing  comprehensive  business 
requirements  into  detailed  func¬ 
tional  specifications.  Duties  incl.: 
develop  and  test  systems  solu¬ 
tions;  write,  test  and  debug 
progams;  provide  support  in  the 
implementation  process:  define 
systems  parameters;  prepare 
SW/end-user  documentation; 
provide  training,  troubleshooting 
and  technical  support  services; 
install  and  maintain  mainframe 
systems;  and  complete  applica¬ 
tion  development  for  financial 
services  products.  Daily  use  of 
Cobol  II,  PL-SQL,  JCL,  CICS, 
VSAM  and  TSO/ISPF.  Min. 
Reqt's;  BS/BA  (foreign  equiva¬ 
lent  accepted)  in  CS,  EE  or 
related  field  of  study  plus  2 
years  exp.  in  job  offered  or  2 
years  exp.  in  related  occupation 
(i.e.  Programming  or  Systems 
Analysis).  MUST  possess 
demonstrated  expertise  in  the 
following:  (1)  Major  system 
installation  including  develop¬ 
ment,  implementation,  and 
maintenance  of  mainframe  sys¬ 
tems;  (2)  Applications  develop¬ 
ment  for  financial  services  prod¬ 
ucts  and  industry,  including 
financial  reporting;  and  (3) 
Programming  and  analysis 
using  multiple  mainframe  tools 
and  utilities  including;  Cobol  II. 
PL-SQL,  JCL,  CICS,  VSAM  and 
TSO/ISPF.  Basic  salary  pay 
range  is  $55,500-65,000  per 
year  FT  and  standard  company 
benefits.  EEO.  Submit  2 
resumes  and  respond  to  Case 
No.  2002-02298,  Labor 
Exchange  Office,  19  Staniford 
Street,  1st  Floor,  Boston,  MA 
02114. 


Senior  Software  Engineer, 
working  as  a  senior-level  individ¬ 
ual  contributor  in  various  pro¬ 
jects,  will  design,  code,  test  and 
deliver  sophisticated  web- 
based  n-tier  client/server  J2EE 
applications  utilizing  Java 
Servlets,  EJBs  and  JSPs  for  the 
Company’s  multiple  channel 
platform  catering  to  wireless 
devices,  interactive  television 
and  conventional  browsers.  Will 
be  responsible  for  assessing 
specific  user  requirements,  and 
then  defining  system  and  appli¬ 
cation  specifications  to  meet 
end-user  needs.  Will  participate 
at  senior  level  in  each  phase  of 
project  life  cycle  development, 
and  will  integrate  web-based 
applications  and  systems  from 
the  concept  phase  through  post¬ 
implementation  performance 
monitoring,  Will  perform  object- 
oriented  analysis  and  software 
design.  Will  coordinate  with 
release  engineering,  quality 
assurance  and  internet  security 
departments  to  ensure  success¬ 
ful  implementation  in  pre  and 
post  production  stages. 
Requires  Bachelor’s  or  equiva¬ 
lent  in  Computer  Science, 
Engineering,  Mathematics,  or 
Physics  and  three  (3)  years  in 
job  offered  OR  three  (3)  years 
experience  in  web-based 
client/server  development. 
Candidate  must  also  possess 
demonstrated  expertise  in 
object  oriented  design  and 
analysis;  demonstrated  exper¬ 
tise  developing  n-tier  J2EE  web- 
based  applications  using  Java 
Sen/lets.  EJBs  and  JSPs;  and 
demonstrated  expertise  pars¬ 
ing.  validating  and  transforming 
XML  data  using  XSL  transfor¬ 
mation.  Salary:  $79,900/yr,  M-F, 
9AM-5PM.  Send  2  resumes 
to  Case  #200202693,  Labor 
Exchange  Office,  19  Staniford 
St..  1st  fl.,  Boston,  MA  02114. 
EOE.  Applicants  must  be  U.S. 
workers  eligible  to  accept  full¬ 
time  employment  in  U.S, 


SENIOR  PROGRAMMER  ANA¬ 
LYST:  (Ancillary  IS  Support 
Dept.)  Formulate  and  define 
systems  scope  and  objectives  in 
order  to  purchase,  design, 
develop  or  modify  information 
systems.  Respons.  &  duties  incl: 
ID  and  analysis  of  business 
requirements  geared  towards 
applying  computer  technology  to 
business  processes;  creating 
functional  specifications  and 
programming  to  these  specifica¬ 
tions  where  no  suitable  vendor 
solution  has  been  identified  to 
solve  business  problem;  vendor 
application  software  research 
and  valuation;  installation  and 
customization  of  vendor  pack¬ 
ages  as  required  by  business 
community;  system  integration 
as  required  by  business  func¬ 
tionality;  creating  functional 
specifications  and  programming 
conversion  and  interface 
processes;  analysis,  preparation 
of  documentation  and  presenta¬ 
tion  to  the  Technology  Planning 
committee  on  SW  application 
systems  requested  to  be  devel¬ 
oped/purchased  by  the  business 
community;  act  as  a  liaison 
between  business  personnel  in 
the  ancillary  departments  and 
outside  vendors.  Central  IS  or 
other  business  units'  IS  commu¬ 
nities  on  any  IT-related  issues; 
and  provide  administrative  func¬ 
tionality,  training  and  application 
support  for  vendor  packages, 
where  appropriate.  Min.  Reqt's: 
BS/BA  (foreign  equivalent 
accepted)  in  CS,  EE  or  related 
field  of  study  plus  2  years  exp.  in 
job  offered  or  2  years  exp.  in 
related  occupation  (i.e. 
Programming  or  Systems 
Analysis).  MUST  possess 
demonstrated  expertise  in  the 
following:  (1)  Major  system 
installation  including  develop¬ 
ment,  implementation,  and 
maintenance  of  distributed  sys¬ 
tems;  (2)  Programming  and 
Database  develop,  with:  VB/C, 
Powerbuilder,  MS  SQL  Server 
and  Access  databases;  (3) 
Applications  development  for 
financial  services  products  and 
industry  including  financial 
reporting;  and  (4)  Using  Crystal 
Reports,  PVCS  Dimensions, 
HTML  and  UNIX.  Basic  pay 
range  is  $55,500  to  65,000  per 
year  FT  and  standard  company 
benefits.  EEO.  Submit  2 
resumes  and  respond  to  Case 
No  2002-02290,  Labor 
Exchange  Office,  19  Staniford 
Street,  1st  Floor,  Boston,  MA 
02114 


Engineer,  Video  Soft¬ 
ware.  Must  have  min. 
4yr  exp  in  computer- 
based  video  prodetn  & 
editing,  w/technical 
knowl  of  lineal  &  non-lin- 
eal  Media  100  Systms  & 
Fiber  Channel  N/work 
Integrator  S/ware.  Fax 
res:  WNV  Sales,  305- 
358-3116,  Attn:  Ms. 
Guttierez. 


Systems  Analyst  (2 
Position)  Design,  analysis 
and  development  of  web 
and  other  applications  with 
the  focus  on  E-commerce 
solutions  using  VB,  Oracle 
and  connectivity  with  MS 
SQL  database.  Req. 
BS/BBA  with  2  yrs  of  exp. 
Resume  to  Ambason  Inc., 
681  Troy  Schenectady 
Road.  Latham,  NY  12110. 
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ND  based  IT  company  has 
openings  for  Software 
Engineers  &  DBA's:  (Multiple 
openings):  Research,  Analyze, 
Design,  develop,  test,  diagnose, 
and  implement  various  business 
applications. 

Real  time  OS  Vx  Works, 
Networking  Protocols,  People- 
Soft  HR/Financials,  IPSEC,  IKE, 
BAAN  ERP,  BAAN  tools,  SAP 
r/3  and  ABAP/4,  Oracle 
8.x/9.x/11.x,  Sun  Solaris  2.8, 
Veritas  Clustering,  Oracle 
Utilities,  Unix  Shell  Scripting, 
PL/SQL,  Erwin  Data  Modeling/ 
Designing,  Web  Technologies 
like  J2EE,  JDBC/ODBC,  Web 
sphere,  EJB,  COM/DCOM, 
C/C++.  MS  SQL  Server.  UNIX, 
J2EE  Architect/Team-Lead 
experience  in  implementing 
financial  applications  on  HP- 
Tandem  Non-stop  systems. 
Product  Administration  System 
SABLIME.  Business  Objects 
5.1.5,  Data  Warehousing, 
Informatics  -  Power  Center  5.1, 
SAS  8,  Teradata  Utilities,  Erwin, 
Power  Mart5.1  /  PowerCenter  5, 
Data  Junction,  Cognos 
Impromptu  7.0,  JD  Edwards, 
WinRunner  6.0,  Test  Director 
6.0,  Silk,  Load  Runner,  Rational 
Suite,  SQA  Suite. 

DBAs  must  have  experience  in 
installation,  migration,  moving, 
setup,  monitoring  and  trouble 
shooting  of  various  database 
applications.  May  require  travel 
to  client  sites.  Software 
Engineer  $$78,000  &  up; 

DBA:$60,000  and  up.  Mail 
resume  to  212,  South  4th  Street, 
Suite#  202,  Grand  Forks,  ND 
58201 


Lead  SW  Dev  Eng  (Denver,  CO) 
-  Lead  in  the  team  effort  to 
design/develop  computer  SW 
programs  using  SW  program¬ 
ming  languages  &  tools  incl. 
C/C++  on  UNIX  &  Sybase  open 
server/open  client  libraries 
implemented  in  multiple  plat¬ 
forms  w/multiple  application 
interfaces.  Design/develop  GUI 
for  user  interaction.  Perform 
data  communication  program¬ 
ming  using  TCP/IP,  MQ  Series  & 
Remote  Procedural  Calls  (RPC) 
for  interprocess  communication 
&  communicating  w/different 
telecom  switches  (Network 
Elements).  Design/develop  user 
database  in  Sybase.  Work  w / 
modeling  &  architecture  groups 
to  explore  system  design  trade¬ 
offs  &  to  develop  optimization 
procedures  for  improving  net¬ 
work  provisioning  efficiency  & 
reducing  total  costs.  MS  Comp 
Sci/Eng/related  +  working/theo¬ 
retical  knowledge  of:  Comm¬ 
ercial  grade  SW  development  in 
UNIX  environment  using  C/C++ 
&  Sybase  open  server/  open 
client  libraries;  Data  communi¬ 
cation  programming  using 
TCP/IP,  MQ  Series  &  RPC; 
Sybase  database  application 
programming  using  stored  pro¬ 
cedures;  Basic  knowledge  of 
Telecom  switch  (Network  ele¬ 
ment)  interfaces.  $81,900/yr,  M- 
F  8-5.  Resume  only  to 
Workforce  Development 
Programs,  PO  Box  46547, 
Denver,  CO  80202.  Ref. 
Job#CO5053475. 


SYSTEMS  ANALYST 
Analyzes  user  requirements, 
procedures  and  problems  to 
automate  processing  or  to 
improve  existing  computer  sys¬ 
tems  Bachelor's  degree  in  com¬ 
puter  science,  engineering  or 
math-related  and  2  yrs.  experi¬ 
ence  in  Visual  Basic,  ASP, 
Microsoft  Plumtree  Corporate 
Portal  3.5,  Web  objects  3.0. 
Must  be  able  to  travel.  Apply  by 
resume  only  to  Murali  K 
Suddala.  Capricorn  Systems 
Inc  3569  Habersham-at  - 
Northlake,  Building  K,  Tucker, 
GA  30084 


Senior  Software  Engineer  to 
design  &  implement  reliable, 
scalable  server  that  supports  the 
Internet-wide  deployment  of 
peer-to-peer  clients.  Utilize 
Object  Oriented  programming 
and  an  expert  knowledge  of  C++ 
in  Windows  and  Unix.  Min. 
req’s:  M.S.  in  Comp.  Sci.  or 
rel.field;  andl  yr.  experience  in 
the  job  offered  or  in  a  related 
position  working  with  Windows 
&  Unix  systems  &  network 
development  in  C++.  Special 
req’s:  ability  to  understand  & 
communicate  complex  technical 
topics;  experience  w/design  & 
implementation  of  network  pro¬ 
tocols,  operating  systems,  dis¬ 
tributed  algorithms  &  compilers. 
Must  have  unrestricted  autho¬ 
rization  to  work  in  U.S.  M-F,  9 
am  -  5  pm,  40  hrs/wk.  Salary: 
$81,235.  An  EOE.  Send  2 
copies  of  resume  to  Case  No. 
200202100,  Labor  Exchange 
Office,  19  Staniford  St.,  1st  FL., 
Boston,  MA  02114. 


Application  Developer.  NY,  NY. 
BS  in  Comp.  Sci.  w/1  yr  exp  in 
job  or  as  Applicat'n  Pgmr  Anlyst. 
Dsgn,  dvlop,  &  deploy  large- 
scale  r/time  web  based  appli¬ 
cat'n  using  PERL,  RDBMS, 
FASTCGI,  JAVA  on  SOLARIS 
platfrm.  Share  &  syndicate  mkt 
dta  using  XML  based  dta 
exchange  tech  as  SOAP  & 
WDDI.  Re-dsgn  &  modify  WSS 
C/C++  server  applicat'n  &  JAVA 
applet  client  applicat'n  w/adv 
TCP/IP  socket  progmng. 
Support  &  maintain  dta  feed 
using  TFN  Firstcall,  COMTEX  & 
DowJones.  Prfm  optimizt'n  & 
dta  mining  using  ETL  &  SQL. 
Dvlop  &  provide  solut'n  to 
investor  using  IT  tech  &  finncial 
mkt  info,  such  as  institutional 
holding,  portfolio  mgmt, 
SEC/EDGAR  filing,  insider 
transact'n.  Send  resume  to  Mr. 
Chun,  Wall  Street  Source,  LLC, 
120  Broadway,  27th  FI.,  NY,  NY 
10011. 


Conviso,  Inc.  delivers  reliability, 
economy  and  quality.  We  are  look¬ 
ing  for  the  following  position. 

Software  Quality  Analyst:  Establish, 
provide  and  advocate  the  Quality 
Assurance  practices  for  software 
development  and  testing.  Review 
applications,  systems,  processes 
pertaining  to  product  execution  and 
implementation.  Execute  multiple 
functional,  security,  data-integrity, 
including  test  automation.  Test 
tools  and  techniques  of  Win 
Runner,  Test  Director.  Simulate 
load  test  using  the  Testing  Tool 
Load  Runner.  Create  quality  test 
documentation  like  test  plans,  test 
cases,  test  matrix  and  test  reports. 
Required  Bachelor's  in  Computer 
Science  or  related  field  and  2+ 
years  of  experience. 

Send  resume  to:  Human  Re¬ 
sources,  Conviso,  Inc.,  9211  Reid 
Lake  Dr.,  Houston,  TX  77064.  E- 
mail:  corphr@houston.rr.com 


Senior  Software  Automation  Qual¬ 
ity  Consultant  -  Responsible  for  de¬ 
veloping,  applying  and  maintaining 
quality  standards  for  software  appli¬ 
cations.  Develop  and  execute  Auto¬ 
mated  software  test  plans  exten¬ 
sively  utilizing  Mercury  Interactive 
WinRunner.  LoadRunner,  Test- 
Director.  Analyze  software  statically 
and  dynamically  using  McCabe. 
Extensive  Global  Distribution  Sys¬ 
tem  knowledge  is  required.  Masters 
Degree  in  Computer  Science  or  rel¬ 
evant  field  with  4  years  of  work  ex¬ 
perience  in  related  occupation.  40 
Hrs./week..  $70, 000/annum.  Must 
be  willing  to  relocate  to  various  un¬ 
anticipated  work  locations  through¬ 
out  the  USA  every  4  to  10  months, 
employer  paid.  Must  have  proof  of 
legal  authority  to  work  in  the  United 
States.  Send  your  resumes  to  the 
Iowa  Workforce  Center,  215  Wat¬ 
son  Powell  Jr.  Way.  #100,  Des 
Moines,  Iowa  50309-1727.  Please 
refer  to  Job  Order  IA1101 776. 
Employer  paid  advertisement. 


Company  engaged  in  the  dev.  of 
global  portfolio  mgmt,  trading 
and  compliance  s/w  seeks  a 
Product  Specialist/Business 
Analyst  to  utilize  sophisticated 
understanding  of  bus.  and 
finance  as  well  as  knowledge  of 
financial  s/w  common  to  the 
industry  including  Reuters, 
Bloomberg,  Market  Guide  and 
First  Call  to  test  co.  s/w  products 
from  an  end-user  perspective. 
Heavy  interaction  with  clients 
and  devlpmt.  of  specs  for  new 
product  features.  Manually  test 
features  within  the  context  of 
trading  workflows  and  work  with 
customers  in  the  finance  and 
trade  industry  to  elicit  feedback 
on  features'  functionality  and 
quality.  Duties  also  include  sup¬ 
port  of  in-house  Acct  Imple¬ 
mentation  Mgmnt,  Development 
&  Technical  Support  teams  and 
providing  bus.  level  support  on 
complex  issues.  Salary  in 
$82,000/yr.  F-T  (40  hrs./wk)  Min 
Req:  No  exp  necessary.  Masters 
in  Finance  or  related  and  knowl¬ 
edge  of  financial  s/w  applica¬ 
tions  common  to  the  industry 
including  Reuters,  Bloomberg 
First  Call,  and  Market  Guide 
required.  Please  respond  with 
two  (2)  copies  of  your  resume  to 
Case  #  200202660,  Labor 
Exchange  Office,  19  Staniford 
St,  1st  FI,  Boston,  MA  02114. 


Market  Research  Analyst 

Research  market  conditions 
for  computer  sales  and  con¬ 
sultancy  firm.  Determine 
potential  sales  of  products 
and  services.  Gather  infor¬ 
mation  on  marketing  methods 
and  distribution,  price  and 
sales.  Liaison  with  foreign 
government  officials  in 
Nigeria  and  Sierra  Leone  to 
obtain  information.  40  hrs/wk, 
no  OT.,  11  months  experience 
in  above.  Send  resume  to 
Quest  Corporation,  512  East 
Jefferson  St.,  Fort  Wayne,  In 
46802.  No  Phone  Calls. 


Software  Enginees  to  design, 
develop,  test  wireiess/web  soft¬ 
ware  systems  &  services  for 
devices  including  WAP  Phone, 
Pocket  PC's,  etc.  using  Java, 
JSP.  VB,  VBA,  SQL,  Web 
Servers,  Weblogic,  HTML,  MS 
Access  and  WCTP  under 
Windows,  UNIX  OS;  perform  req 
analysis  to  determine  tech,  fea¬ 
sibility;  study/evaluate  new 
tech./methodologies;  provide 
guidance  for  complex  user 
problems.  Require:  M.S.  in 
CS/Engg.  (any  branch). 
Competitive  salary.  F/T. 
Respond  to:  HR,  Air2Web,  Inc., 
1230  Peachtree  Street  NE, 
Promenade  II.  12th  FI. .Atlanta, 
GA  30309. 


Nexus  Innovative  Solutions  Co 
seeks  Database  Administrators 
to  design,  configure  and  man¬ 
age  Oracle  Databases  &  Appln 
Srvr  on  UNIX  &  Windows.  Also 
responsible  for  Windows  srvr 
admin;  building  online  learning 
(LMS)  solutions  by  applying 
SME  on  eLearning  sys  &  imple¬ 
menting  SCORM,  AICC,  & 
HIPPA  stds;  maintaining  clinical 
sys;  monitoring  HL7  message 
transmissions;  Job  in  Chicago 
area.  Requires  BS  or  eqvlnt  in 
Comp  Sci  or  Engg  &  5  yrs  exp  in 
database  admin  and/or  in  s/ware 
dsgn  &  dvlpmt.  Must  have  cert 
as  Oracle  DBA  &  NT  Admin. 
Send  resume  to 

HR@niscompany.com. 
Fax:  (703)  385  4385. 


Database  Developer,  Special¬ 
ized  Libraries:  Design/manage 
marketing/market-research  data 
gathering/storage  libraries. 
Perform  data  manipulation  to 
project  market  senerios  using 
knowledge  of  market  research 
methodologies.  Provide  data 
extraction,  loading,  structuring 
for  specialized  business  data 
libraries.  8:30a-5:30p.  Req: 
Bach  Bus  Admin  in  Economics/ 
Finance  &  1  yr  exp  or  as  Tech 
MIS  Coord  &/or  Web  Developer. 
Resume:  J.  Stulb,  Morris 
Communications,  699  Broad  St, 
#800,  Augusta,  GA  30901 


Computers 

SOFTWARE  PROFESSIONALS 
Midrange  Solutions  Inc.,  a  soft¬ 
ware  consulting  company,  re¬ 
quires  network  engineers  willing 
to  relocated  to  the  client  job  sites 
nationwide,  to  resolve  problems 
regarding  administration  of  Al XI 
Unix  servers/operating  systems 
under  supervision  of  technical 
director  and  client  technical  staff. 
Mail  resume  and  salary  req's  to: 
Midrange  Solutions  Inc.,  20 
Hillside  Ave.,  Springfield,  NJ 
07081. 


Oracle  Applications  Devel¬ 
oper:  Design  &  develop 
Oracle  Databases  &  Gra¬ 
phical  user  interface.  De¬ 
velop  user  interface  using 
multiple  web  technologies 
for  generating  reports; 
Oracle  Forms  6i,  Reports 
61,  PL/SQL,  SQL  Reports, 
Java  Script  1.1,  HTML, 
Pro  C,  Java  and  J2EE. 
Please  send  resumes  to 
101  Southhall  Lane,  Suite 
220,  Maitland,  FL  32751. 


Advansoft  (Soft  O  Soft)  is  look¬ 
ing  for  program  or  system  ana¬ 
lysts,  IT  engineers.  Candidate 
must  have  BS  or  equivalent. 
Exp.  in  IT  area  such  as  Oracle, 
Java,  VB,  WebSphere/Weblogic 
etc  is  plus.  Travel  maybe 
required  for  some  position.  Send 
resumes  to: 

info@advansoft.com.  EOE 

E-Com  has  several  system/pro¬ 
grammer  analyst  and  engineer 
positions.  We  are  small  but  sta¬ 
ble,  offer  attractive  wage  with  full 
benefits.  Consultants  must  have 
Bachelor  degree  with  experi¬ 
ence  in  SQL,  Developer  2000, 
Oracle,  Unix,  Window  NT. 
Please  send  resumes  to  e- 
com@prodigy.net 


SW  Engin'rs:  Rsrch,  design  & 
test  explorer/portlet  sw  w  / 
Vignette  on  Websphere/AlX 
platform  &  WSAD;  Design  asset 
&  info  mgt  sw  w/  Metaphase 
Toolkit;  Design  com'unic'n  appli- 
ca'ns  w/  Cobol,  DB2/CICS, 
VS  AM  &  SQLServer.  40h/w,  8-5, 
BS  in  Computer/  Eng'g/Bus. 
related  field  &  2  yr  wk  exp 
involv'g  Vignette/Websphere. 
Metaphase  &  Cobol.  Resume  to 
GBS  at  neddy@genesisincoqi.com 
or  fax:  317-579-1445.  Only  US 
workers  can  apply. 


THE  WORLD’S  BEST 
IT  TOOL  IS  IN 
YOUR  HANDS. 

THE  WORLD’S  BEST 
IT  TALENT  IS  AT 
OUR  SITE. 

WHAT  ELSE  WOULD  YOU  EXPECT 

FROM  THE  ONE  AND  ONLY  CAREER 
RESOURCE  FOR  READERS  OF 
COMPUTERWORLD, 
INFOWORLD  AND 
NETWORKWORLD? 

•A  •  ,  .  •  '  •  s  '  Y  ‘  •  '  I 

COME  ON, 

RECRUIT  OUR  READERS 

AND  YOU’LL  RECRUIT  LESS  OFTEN 

CHECK  US  OUT  AT: 

WWW.ITCAREERS.COM 
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by 

CareerJ  ournal .  com ! 
Search  for  jobs 
and  post  your 
resume  here  on 
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SOFTWARE  ENGINEER  to 
design,  develop  and  test  appli¬ 
cation  software  using  C#,  VB, 
VB.NET,  ASP,  ASP.NET,  ADO, 
ADO.NET,  .NET  Framework, 
SOAP,  XML,  XSLT,  BizTalk 
Server,  Oracle,  MS  SQL,  COM+, 
UML,  CSS,  Active  Directory 
Services  and  JavaScript  under 
Windows  NT  operating  system. 
Require:  B.S.  degree  in 

Computer  Science,  an  Engin¬ 
eering  discipline,  or  a  closely 
related  field  with  4  yrs  of  exp  in 
the  job  offered  or  as  a 

Programmer/Analyst.  Extensive 
travel  on  assignment  to  various 
client  sites  within  the  U.S.  is 
required.  Competitive  salary 
offered.  Send  resume  to: 

Nagesh  Ganta,  Management 
Decisions,  Inc,  4940  Peachtree 
Industrial  Blvd,  Ste  310, 

Norcross,  GA  30071;  Attn:  Job 
VR. 


Computer  Consultants. 

Should  have  a  bachelor's 
degree  in  computer  science/ 
related  field  and  3.0  year  experi¬ 
ence  with  the  following:  Delphi, 
VB,  CR8.5,  SQL  2K,  Oracle, 
ISAPI,  VFP  +  MS  Automation, 
Web  Tech.  We  accept  foreign 
education  equivalent  of  the 
degree,  or  the  degree  equivalent 
in  education  and  experience. 

Send  Resume  to: 

ERW  Custom  Programming,  Inc. 
3513  Elizabeth  Lk  Rd„  Ste.  206 
Waterford,  Ml  48328 
ERW  is  an  EOE 


Software  Engineer: 

Design,  Test,  Document 
and  Update  Software  app¬ 
lications.  Prefer  a  Bachelor's 
Degree  or  Foreign  equiv¬ 
alent  in  a  Business  Or 
computer  related  field. 
Send  resumes  to: 

Epoch  Solutions  Inc. 

76  Northeastern  Blvd, 
Suite  29A 
Nashua,  NH  03062 


Enginners  and  Programmer/ 
Analysts  needed  for  Park  City, 
IL  based  Software  Company. 
Scogemini,  Corp  has  several 
senior  and  midlevel  positions 
available  for  qualified  candi¬ 
dates  possessing  MS/BS  or 
equivalent  and/or  relevant 
work  experience.  Work  with  2 
of  the  following:  Java,  Rational 
Suite,  EJB,  Apache, 

Documentum,  Livelink,  Siebel, 
Oracle,  JD  Edwards, 

PowerBuilder  and  XML.  Send 
resumes  to  Scogemini  Corp, 
Attn:  HR,  P.O.Box  7881, 
Gurnee,  IL  60031 


PROGRAMMER  ANALYST: 
Develop  complex  finl.  web 
pages  using  vbscript  & 
javascript  w /  IIS.  Develop  COM 
components  in  VB.  Program 
data/base  objects  using  SQL- 
DMO  &  SQL  Server.  Prep.  XML, 
XSD,  DTD  specs.  Analyze,  trou¬ 
bleshoot  &  work  w/  APL  portfolio 
acctg  sys,  Mobius  &  finl.  asset 
allocation  tools  incl.  Ibbotson 
wealth  forecaster,  sec.  classifier 
&  mean  variance  optimizer.  Req: 
B.S.  in  Eng.  &  2  yrs.  exp.  incl. 
prior  exp.  in  finl.  serv.  or  invest¬ 
ment  indust.  40-hr.  wk. 
Job/Interview  Site:  LA,  CA.  E- 
mail  resume  to  Net  Asset 
Management,  job  ref#101, 
resumesforejobs@netassetmgmt.com 


Computer  Consultant/ 
Programmer-Analyst 

Provide  technical  assistance 
and  expertise  to  clients  in  order 
to  tailor  software  systems  solu¬ 
tions  to  suit  clients'  unique 
needs;  research  efficient  soft¬ 
ware  systems  involving  entire 
system  development  life-cycle 
(analysis,  program  develop¬ 
ment,  design,  testing,  debugging 
and  implementation)  for  client 
applications;  identify  systems 
usage  errors  and  instruct  clients 
to  correct  such  errors;  prepare 
systems  and  user  documenta¬ 
tion  and  conduct  user  training; 
respond  to  customer  concerns; 
provide  technical  expertise  on 
software  usage;  prepare  and 
maintain  customer  status 
reports.  BS  Comp.  Sci.,  Eng.  or 
MIS  plus  5  years  experience 
required. 

Salary  $76,500.  Must  have 
proof  of  legal  authority  to  work 
permanently  in  the  U.S.  on  the 
date  of  application  for  this  posi¬ 
tion.  Apply  at  the  Texas 
Workforce  Commission,  Dallas, 
Texas,  or  send  resume  to  the 
Texas  Workforce  Commission, 
1117  Trinity,  Room  424T,  Austin, 
Texas  78701,  J.O.#TX1696406. 
Ad  Paid  by  an  Equal  Opportunity 
Employer. 


Computers 


Senior  Programmer/ 
Analyst 


CSC  seeks  PROGRAMMER  / 
ANALYST  for  our 
Blythewood,  SC  facility  to 
analyze,  design,  develop, 
implement,  maintain  and 
support  application  software 
systems  for  Central  and 
South  American  insurance 
industry  clients  using  Synon, 
COBOL,  RPG,  CLP,  SDA, 
DFU,  SEU,  OfficeVision,  SQL 
and  DB2  on  AS/400 
platforms.  Requires  Bachelor’s 
degree  in  Computer  Science, 
Engineering,  or  closely 
related  field  and  2  years  of 
experience  as  a  Programmer 
Analyst.  Must  be  able  to  com¬ 
municate  fluently  in  the 
Spanish  language  (spoken  / 
written).  Periodic  travel  (50%) 
on  assignment  to  client  sites 
in  Central  and  South  America 
is  required.  Salary:  $57,450  - 
$98,362  per  year;  M-F  8:30 
a.m.  to  5:30  p.m.  Please  send 
resume  to:  CSC,  HR,  L. 
Ramon,  200  W.  Cesar 
Chavez,  Austin,  Texas 
78701.  Reference  job  code 
LV110103  in  cover  letter. 

http://CAREERS.CSC.COM 


CONSULTING  .  SYSTEMS  INTEGRATION  .  OUTSOURCING 


Computer  Security.  Fidelity 
National  Information  Solutions,  a 
rapidly  growing  provider  of  IT 
enterprise  solutions  &  advanced 
network  services  to  the  real 
estate  title  &  escrow  industry, 
seeks  highly  experienced  pro¬ 
fessionals  for  several  comput- 
er/IS  security  positions  including 
Info  Security  Director  and  Chief 
Security  Ofcr.  Desirable  experi¬ 
ence  may  include  e  g.  CISSP, 
CISA  cert;  IS017799  &  GLBA 
standards;  firewalls;  PKI  &  IDS 
technologies;  security  mgmt  & 
intrusion  detection  tools;  securi¬ 
ty  audits/risk  assessments; 
Internet,  Win-NT  &  UNIX  client- 
server  systems  &  CRM.  Some 
positions  may  require  supervi¬ 
sor/mgr  exp.  Send  resume  Attn 
M.Wood,  FNIS,  2510  Red  Hill 
Ave,  Santa  Ana  CA  92705  or 
email  hri@fnis.com.  Principals 
only.  Must  be  authorized  to  work 
in  U.S.  w/out  employer  sponsor¬ 
ship. 


Transition  Analyst  (Boston,  MA). 
Develop  &  implement  IT  solu¬ 
tions  &  software  applications  to 
support  banking  &  related  port¬ 
folio  &  equity  trading  activities. 
Analyze  business  requirements, 
systems  requirements  &  overall 
architecture,  recommending 
technology  solutions  to  stream¬ 
line  &  enhance  of  transition 
management  processes  &  relat¬ 
ed  back  &  middle  office  activi¬ 
ties.  Will  apply  API,  SQL  Server, 
Sybase,  Oracle  &  Site  Server 
technologies  to  calibrate  rela¬ 
tional  databases  &  increase  sys¬ 
tems  capabilities;  use  XML, 
Visual  Basic  &  web  scripting  lan¬ 
guages  to  develop  new/retrofit 
existing  applications;  identify  & 
migrate  new  software/applica¬ 
tions;  validate  business  req's; 
size  &  tune  databases  &  guide 
teams  on  integration/database 
expansion  activities.  Min.  req's: 
Bachelor's  degree  (or  equiva¬ 
lent)  in  Computer  Science  or 
related  engineering  field,  plus  3 
yrs.  of  experience  in  the  position 
offered  or  3  years  in  position 
respon.  for  using  software  tools 
&  applications  (including  Visual 
Basic,  SQL  Server,  Oracle,  & 
Sybase)  to  develop,  enhance  & 
support  large-scale  relational/ 
legacy  databases  &  systems. 
Must  have  unrestricted  autho¬ 
rization  to  work  in  U.S.  M-F,  9 
a.m.-5  p.m.,  40  hours  per  week. 
Salary:  $70,000  -  $125,000/yr. 
An  EOE.  Send  2  copies  of 
resume  to  Case  No.  200202517, 
Labor  Exchange  Office,  19 
Staniford  St„  1st  FI.,  Boston,  MA 
02114. 


Applications  Developer  (North 
Quincy,  MA).  Resp.  for  devel¬ 
opment,  maintenance  & 
enhancement  of  multi-platform 
(Open  Systems,  Client/Server, 
Mainframe)  business  applica¬ 
tions  utilized  by  High  Net  Worth 
Services  division  of  a  financial 
services  provider.  Develop 
Trust  Accounting  &  Portfolio 
Management  Systems  such  as 
Sungard's  Global  Plus  in  Unix. 
Use  J2EE,  EJB,  Java  Servlets, 
Weblogic  5.1  or  higher,  XML, 
JDBC  JavaScript,  JSP  &  HTML 
to  develop  web  applications  in 
N-tier  environment.  Min.  req's: 
B.S.  or  equivalent  in  Comp. 
Sci.  or  Engineering  or  related 
field  and  6  yrs.  experience  in 
job  or  6  yrs.  in  related  IT  posi¬ 
tions.  6  years  of  experience 
must  include  a  min.  of  2  yrs. 
exp.  with  Sungard's  VISION  & 
a  min.  of  2  yrs.  exp.  with 
UNIX(AIX).  Must  also  possess 
proven  knowledge  of  C/Korn 
Shell  programming,  MVS 
development  &  Relational 
Database  Management. 
Hours:  M-F,  9am  -  5pm,  40 
hrs/wk.  Salary:  $90,460.90/yr. 
Must  have  unrestricted  autho¬ 
rization  to  work  in  U.S.  An  EOE. 
Send  2  copies  of  resume  to 
Case  No.  200201328,  Labor 
Exchange  Office,  19  Staniford 
St.,  1st  FI.,  Boston,  MA  02114. 


SOFTWARE  ENGINEER 
Software  engineer  to  design, 
develop  and  test  computer  pro¬ 
grams  for  business  applications; 
analyze  software  requirements  to 
determine  feasibility  of  design; 
direct  software  system  testing 
procedures  using  expertise  in 
Maplnfo,  Autoplotter  and 
Sapphire  Application  Server. 
Requirements:  Bachelor's  Deg¬ 
ree  or  equivalent  in  Computer 
Science  or  related  field  and  two 
years  experience  as  a  software 
engineer  or  computer  program¬ 
mer,  knowledge  of  Maplnfo, 
Autoplotter  and  Sapphire 
Application  Server.  Salary: 
$66, 000/year.  Working  Cond¬ 
itions:  8:00  A.M.  to  5:00  P.M.,  40 
hours/week,  Involves  extensive 
travel  and  frequent  relocation. 
Apply:  Site  Manager,  Beaver 
County  CareerLink,  2103  Ninth 
Ave.,  Beaver  Falls,  PA  15010, 
Job  No.  WEB347661. 


Level  3  Communications  is 
seeking  a  Configuration 
Management/ Environment 
Team  Leader  for  Broomfield, 
CO.  Candidate  will  direct  and 
supervise  team  of  software  engi¬ 
neers  who  will  package  develop¬ 
er’s  source  code  and  create  and 
maintain  scripts  using  Unix  Shell 
Scripting,  Perl,  Ant,  DOS  batch 
commands  and  windows 
installer  programs  to  distribute 
and  implement  approved  appli¬ 
cation  software  used  by  global 
fiber  optic  communications  net¬ 
work,  operating  on  both  Unix 
and  Windows  platforms.  These 
scripts  will  be  deployed  to  devel¬ 
opment,  testing  and  production 
environments.  Team  will  pack¬ 
age  and  deploy  application  soft¬ 
ware  for  NID  (Network  inventory 
database),  Routing  Engine,  IMS 
(Inventory  Management  Syst¬ 
em),  LMS  (Location  Man¬ 
agement  System),  FMS  (Fiber 
management  system),  and 
NextGen  (Provisiong  System). 
Team  will  use  knowledge  of 
Unix,  iPlanet,  Siteminder, 
Resonate  and  Weblogic  Server 
to  create  and  maintain  platforms 
that  the  application  s  software 
are  deployed  to.  Team  will  use 
knowledge  of  Java,  C++, 
Oracle,  PL/SQL,  RPC,  and 
client  server  technologies 
deployed  on  application  and 
web  servers  on  both  Unix  and 
Windows  environments.  Will 
manage  and  administer  team 
who  will  use  ClearDDTS  change 
management  tools  to  perform 
code  audit  for  to  insure  code 
checked  in  is  in  synch  with  fixed 
ddts  tickets,  and  change  and 
retest  as  needed.  Team  will  use 
Clearcase,  CVS,  RCS,  VSS,  to 
administer  code  repositories  by 
creating  branches,  source  code 
merges,  and  baseline  labeling 
and  naming  conventions.  Please 
email  resumes  to 

Renate.Dykman@level3.com. 
No  phone  calls  please. 


Software  Engineer-  Develop, 
create,  modify  computer 
syst/apps  software,  specialized 
utility  programs.  Analyze  design 
databases  in  application  area. 
Analyze  user  needs,  develop 
software  solutions  using 
Graphical  User  Interface  (GUI) 
and  Internet  Applications. 
Bachelor's  Degree  or  foreign 
equivalent.  Will  accept  3  years 
of  undergraduate  study  and  3 
years  of  experience  as  comput¬ 
er  professional  in  lieu  of 
Bachelor’s.  Degree  must  be  in 
one  of  several  fields:  CS/CA, 
Eng.,  Chem.,  Math,  Physics,  or 
scientific  or  business  related 
field.  Must  have  one  year  expe¬ 
rience  using  combination  of: 
WINDOWS  95/98/00/NT,  UNIX, 
ORACLE,  VISUAL  C++.  C,  C+  +  , 
POWERBUILDER.  MFC, 
CRYSTAL  REPORTS,  VISUAL 
BASIC,  COM/DCOM,  CORBA. 
Extensive  travel  and  frequent 
relocation  required.  $65K/yr 
40hrs/wk  EEO/AAP/M/F/V/H 
Send  resume  to:  Site  Manager, 
Beaver  Cty  CareerLink,  2103 
Ninth  Ave,  Beaver  Falls,  PA 
15010-3957,  Job  Order  No: 
WEB  348373 


Software  Engineer  -  Develop, 
create,  modify  computer 
syst/apps  software,  specialized 
utility  programs.  Analyze  design 
databases  within  application 
area.  Analyze  user  needs, 
develop  software  solutions  using 
SAP,  related  software.  Will 
accept  Bachelor's  Degree  or  for¬ 
eign  equiv  or  equiv  combination 
of  ed  and  exp,  in  one  of  several 
limited  fields:  CS/CA,  Eng., 
Chem.,  Math,  Physics,  or  scien¬ 
tific  or  business  related  field. 
Must  have  one  year  exp  using 
SAP.  Extensive  travel  frequent 
relocation  requird.  $65K/yr 
40hrs/wk  EEO/AAP/M/F/V/H 
Send  resume:  Manager, 

Armstrong  Cty  CareerLink,  1270 
North  Water  Street,  PO  Box  759, 
Kittanning,  PA  16201-0759,  Job 
Order  No:  WEB  348364 
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Software  Engineer  -  Develop, 
create,  modify  computer  syst / 
apps  software  and  specialized 
utility  programs.  Analyze,  design 
databases  within  application 
area.  Analyze  user  needs, 
develop  software  solutions  using 
Relational  Database  Manage¬ 
ment  System  (RDBMS)  and 
related  software.  Bachelor's 
Degree  or  foreign  equivalent. 
Will  accept  3  years  of  under¬ 
graduate  study  and  3  years  of 
experience  as  a  computer  pro¬ 
fessional  in  lieu  of  Bachelors. 
Degree  must  be  in  one  of  sever¬ 
al  limited  fields:  CS/CA,  Eng., 
Chem.,  Math.  Physics,  or  scien¬ 
tific  or  business  related  field. 
Must  have  1  year  of  experience 
using  one  of  the  following: 
INFORMIX,  ORACLE,  FOX¬ 
PRO,  SYBASE,  SQL  SERVER, 
PROGRESS.  Extensive  travel 
and  frequent  relocation  required. 
$65K/yr  40hrs/wk  EEO/AAP/ 
M/F/V/H  Send  resume  to:  Site 
Admin,  Greene  County  Team  PA 
CareerLink,  4  West  High  St, 
Waynesburg,  PA  15370-1324, 
Job  Order  No:  WEB  348388 


Software  Engineer  -  Develop, 
create,  modify  computer 
syst/apps  software,  specialized 
utility  programs.  Analyze,  design 
databases  within  an  application 
area.  Analyze  user  needs, 
develop  software  solutions  using 
Siebel  and  related  software. 
Bachelor's  Degree  or  foreign 
equivalent.  Will  accept  3  years 
of  undergraduate  study  and  3 
years  of  experience  as  a  com¬ 
puter  professional  in  lieu  of 
Bachelors.  Degree  must  be  in 
one  of  several  limited  fields: 
CS/CA,  Eng.,  Chem.,  Math, 
Physics,  or  scientific  or  business 
related  field.  Must  have  one 
year  of  experience  using:  Siebel 
CRM  and  related  software. 
Extensive  travel  and  frequent 
relocation  required.  $65K/yr 
40hrs/wk  EEO/AAP/M/F/V/H 
Send  resume  to:  McKeesport 
CareerLink,  ATTN:  ES  Manager, 
345  Fifth  Ave,  McKeesport,  PA 
151 32-2600  Job  Order  No:  WEB 
348377 


Software  Engineer  -  Develop, 
create,  modify  computer 
syst/apps  software,  specialized 
utility  programs.  Analyze  design 
databases  within  application 
area.  Analyze  user  needs, 
develop  software  solutions  using 
Enterprise  Resource  Planning 
(ERP),  related  software. 
Bachelor's  Degree  or  foreign 
equivalent.  Will  accept  3  years 
of  undergraduate  study  and  3 
years  of  experience  as  comput¬ 
er  professional  in  lieu  of 
Bachelors.  Degree  must  be  in 
one  of  several  limited  fields: 
CS/CA,  Eng.,  Chem.,  Math, 
Physics,  or  scientific  or  business 
related  field.  Must  have  one 
year  experience  using  one  of  the 
following:  SAP,  BAAN,  PEO- 
PLESOFT,  ORACLE  Applica¬ 
tions/Financials/Manufacturing/ 
HR.  Extensive  travel  and  fre¬ 
quent  relocation  required. 
$65K/yr  40hrs/wk  EEO/AAP/ 
M/F/V/H.  Send  resume  to: 
Fayette  Cty  CareerLink,  ATTN: 
CareerLink  Program  Supervisor, 
32  Iowa  Street,  Uniontown,  PA 
15401-3513,  Job  Order  No: 
WEB  348394 


Applied 

Solutions  Architect 

Req's  bachelor's  degree  in 
computer  science  or  engi¬ 
neering:  5  yrs  exp  as  a 
Content  Server  Architect,  Sr 
Architect  or  Technical  Project 
Manager;  &  2  yrs  exp  imple¬ 
menting  full  Content  Server 
product  suite,  J2EE,  IBM 
WebSphere  &  BEA  System 
Weblogic.  Email  resume  to: 
resumes@fatwire.com,  ref 
ID#  ASA001.  EOE  M/F/DA/ 


Software  Engineer  -  Develop, 
create,  modify  computer  syst/ 
apps  software,  specialized  utility 
programs.  Analyze  design  data¬ 
bases  in  application  area. 
Analyze  user  needs,  develop 
software  solutions  using  Internet 
Applications  and  Internet 
Software.  Bachelor's  Degree  or 
foreign  equiv.  Will  accept  3 
years  undergraduate  study  and 
3  years  experience  as  computer 
professional  in  lieu  of  Bach¬ 
elor's.  Degree  must  be  in  one  of 
several  fields:  CS/CA,  Eng., 
Chem.,  Math,  Physics,  scientific 
or  business  related  field  or 
social  sciences  field.  Must  have 
one  year  experience  using  2  of  A 
and  1  of  B,  or  2  of  A  and  1  of  C: 
A -ASP,  HTML,  CGI, 

PERL,  MTS,  IIS 

B  -  JAVA,  JAVASCRIPT. 

JAVABEANS 

C  -  COLDFUSION,  BROADVI- 
SION,  ATG  DYNAMO,  NET 
DYNAMICS,  WEBSPHERE. 
FRONT  PAGE. 

Extensive  travel,  frequent  relo¬ 
cation  required.  $65K/yr 
40hrs/wk  EEO/AAP/M/F/V/H 
Send  resume  to:  Manager, 
Butler  Cty  CareerLink,  Pullman 
Commerce  Cntr,  112  Hollywood 
Dr,  Ste  101,  Butler,  PA  16001- 
5699,  Job  Order  No:  WEB 
348369 


SENIOR  SYSTEMS  ENGINEER 
to  design,  develop,  test,  imple¬ 
ment,  maintain  and  support  net¬ 
work  management  systems  and 
application  software  for  the 
telecommunications  industry 
using  Java,  C++,  NetExpert 
(FrameWork/Tools),  XML, 
CORBA,  Command  Line, 
SNMP,  and  TL1.  Require:  M.S. 
degree  in  Computer  Science,  an 
Engineering  discipline,  or  a 
closely  related  field,  with  two 
years  of  experience  in  the  job 
offered.  Extensive  travel  on 
assignment  to  various  client 
sites  within  the  U.S.  is  required. 
Competitive  Salary  Offered, 
8:00  am  to  5:00  pm,  M-F.  Send 
resume  to:  Kenneth  Miles,  Vice- 
President,  MSI  Consulting,  6151 
Powers  Ferry  Road,  Suite  540, 
Atlanta,  GA  30339.  Attn:  Job  AB. 


Software  Engineer  -  Develop, 
create,  modify  computer 
syst/apps  software,  specialized 
utility  programs.  Analyze,  design 
databases  within  application 
area.  Analyze  user  needs, 
develop  software  solutions  using 
UNIX  and  related  software.  Will 
accept  Bachelor's  Degree  or  for¬ 
eign  equivalent,  or  equivalent 
combination  of  education  and 
experience,  in  one  of  several 
limited  fields:  CS/CA,  Eng., 
Chem.,  Math,  Physics,  or  scien¬ 
tific  or  business  related  field. 
Must  have  3  years  experience 
using  HP-UX  and  SCO-UNIX. 
Extensive  travel,  frequent  relo¬ 
cation  required.  $65K/yr 
40hrs/wk  EEO/AAP/M/F/V/H 
Send  resume  to:  BECS/ 

CareerLink  Program  Supervisor, 
Indiana  Cty  CareerLink,  300 
Indian  Springs  Road,  Indiana, 
PA  15701,  Job  Order  No:  WEB 
348384 


Quinnox,  Inc.  is  a  professional 
software  consulting  company 
providing  a  range  of  Consulting 
Service  in  E-Commerce,  ERP. 
EAI  and  CIS  technologies.  We 
have  immediate  full  time  open¬ 
ings  for  numerous  positions 
including  Programmer  Analyst, 
Functional  Analysts,  Systems 
Analyst,  Project  Leaders,  Proj¬ 
ect  Managers  and  Software 
Engineers/Consultants.  A  rele¬ 
vant  degree  is  required  in 
accordance  with  positions.  A 
combination  of  education  and 
experience  to  meet  the  required 
degree  will  also  be  considered. 
Experience  a  plus  and  will  be 
given  preference.  Send  your 
resume  (please  state  publica¬ 
tion  andposition)  to  Attn:  Kimber 
Minix,  535  E.  Diehl  Road,  Suite 
333,  Naperville,  IL-60563,  email: 
kimberm@quinnox.com.  Fax:630- 
548-4500.  www.quinnox.com 
EOE 


Programmer  Analysts-Prog- 
ramming  using  Oracle  data¬ 
base  as  back  end  for  data 
migration.  Software  Engin- 
eers-Prepare  report  design, 
functional,  program  specifica¬ 
tions  &  deploy  using  Brio 
Enterprise  Server  6.5  and 
ETL  development.  Min  Edu- 
BS  in  Comp.Sc./Engg  or  equi, 
Min  Exp-2  yrs.  Job  may 
involve  working  at  various 
locations  throughout  the  US. 
Please  send  resumes  to  Attn: 
RR  1022  East  Divide  Ave 
Suite  D,  City  of  Bismarck,  ND 
58501 


SOFTWARE  ENGINEER  to 
design  and  develop  Web 
Services,  Corba  Services  and 
clients  applications  for  Order 
and  Rodeo  services  using  Java, 
EJB,  WebLogic,  Orbix  2000,  MQ 
Series,  Visio,  Jbuilder  and 
Harvest  under  UNIX  operating 
system.  Require:  M.S.  degree 
in  Computer  Science/  Engin¬ 
eering,  or  a  closely  related  field 
with  two  years  of  experience  in 
the  job  offered.  Extensive  travel 
on  assignment  to  various  client 
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said  no  data  was  lost  from 
Thursday’s  trading  as  a  result 
of  the  blackout.  “In  addition, 
the  Securities  Industry  Au¬ 
tomation  Corp.,  which  is  our 
data  processing  and  technolo¬ 
gy  operations  arm,  is  operat¬ 
ing  at  normal  capacity  on  gen¬ 
erator  power,”  a  spokeswoman 
said  Thursday  night. 

Russ  Lewis,  CIO  at  GFI 
Group  Inc.,  said  the  Wall 
Street-based  online  brokerage 
took  a  “hard  hit  around  4:12 

p.m _ and  we  went  right  into 

disaster  recovery  mode.” 

“All  the  systems  did  come 
down.  We  immediately  went 
on  generator  backup  for  both 
our  data  center  and  our  trad¬ 
ing  floor,”  Lewis  said  Friday 
morning.  “Our  systems  all 
flipped  over  as  well.  Asia  and 
London  were  unaffected  be¬ 
cause  the  systems  flipped  over 
properly.” 

As  a  precautionary  measure, 
Lewis  said,  he  performed  end- 
of-week  backups  Thursday 
night  and  sent  them  via  the 
company’s  virtual  private  net¬ 
work  to  London,  “in  case  we 
weren’t  able  to  get  power  into 
the  New  York  office  today  and 


we  had  to  shut  the  office 
down.” 

Lari  Sue  Taylor,  director  of 
enterprise  information  securi¬ 
ty  and  recovery  at  FleetBoston 
Financial  Corp.  in  New  York, 
said  a  62-member  crisis  man¬ 
agement  team  that  was  creat¬ 
ed  after  9/11  began  assessing 
the  situation  within  an  hour  of 
the  initial  blackout. 

FleetBoston,  which  has  sev¬ 
eral  offices  in  Manhattan,  was 
forced  to  move  workers  to 
SunGard  Data  Systems  Inc.’s 
facilities  in  Carlstadt,  N.J.  Tay¬ 
lor  said  the  bank  also  had  to 
transfer  network  operations 
for  its  Quick  &  Reilly  online 
brokerage  service  to  those  fa¬ 
cilities. 

Diesel  generators  at  Merrill 
Lynch  &  Co.  in  lower  Manhat¬ 
tan  revved  up  as  the  power 
went  out,  and  computer  sys¬ 
tems  in  the  Manhattan  and 
New  Jersey  data  centers  didn’t 
skip  a  beat,  said  spokeswoman 
Selena  Morris. 

“We  were  obviously  pre¬ 
pared  if  something  like  this 
happens,”  Morris  said. 

At  Case  Western  Reserve 
University  in  Cleveland  Friday 
morning,  CIO  Lev  Gonick  was 
running  on  two  hours’  sleep 
after  having  worked  on  recov¬ 
ering  core  systems,  including 


e-mail,  course  management 
systems  and  enterprise  sys¬ 
tems,  throughout  the  night. 

Power  was  still  out  Friday 
morning,  and  nearly  1,000  stu¬ 
dents  were  due  to  move  into 
the  university  for  the  new 
school  year  on  Saturday. 

Gonick  said  school  officials 
were  “desperately  concerned” 
about  losing  data  on  returning 
students’  tuition  payments 
and  course  information,  but  a 
storage-area  network  Gonick 
implemented  after  Sept.  11 
took  automatic  snapshots  of 
data  sets  as  the  power  began 
flickering  at  4:07  p.m.  EDT  on 
Aug.  14.  He  said  on  Friday  that 


he  lost  only  a  “fraction  of  a 
second”  worth  of  data. 

“When  we  got  hit,  we  got  hit 
with  a  double  surge.  It  was  on 
the  second  surge  that  some 
backplanes  and  some  network 
routers  got  hit  pretty  badly.  We 
also  think  the  second  surge 
may  have  hurt  some  of  our 
large  servers  as  well,”  Gonick 
said.  “We’ve  got  a  couple  of 
servers  that  are  a  bit  cranky 
coming  up.  As  soon  as  the  sys¬ 
tem  came  up,  we  had  to  go 
back  and  match  the  last  save. 
It’s  not  been  flawless.  But  it’s 
been  as  close  as  I  can  imagine.” 

Similarly,  Alan  Winchester, 
a  technology  attorney  at  Har¬ 


ris  Beach  LLP  in  New  York, 
said  all  of  the  law  firm’s  finan¬ 
cial  records  are  replicated  in 
real  time  to  its  Rochester,  N.Y., 
office,  which  has  a  generator. 

Winchester  said  disaster  re¬ 
covery  lessons  learned  after 
Sept.  11  were  quickly  imple¬ 
mented  at  Harris  Beach  after 
the  lights  went  out. 

IT  staff  members  left  the 
building  with  backup  tapes  for 
Tuesday  through  Friday,  he 
said.  “We  can  always  restore  it 
if  something  crazy  happens  to 
the  building,”  he  noted.  “We 
can  also  restore  it  if  we  need 
to  get  the  information  to  a 
server  in  a  part  of  the  country 
that’s  not  affected.”  The  law 
firm  has  offices  in  several  oth¬ 
er  locations,  including  Wash¬ 
ington  and  California,  as  well 
as  connections  with  other  law 
firms  that  would  help  if  need¬ 
ed,  Winchester  said. 

FedEx  Corp.  said  the  lack  of 
power  at  its  hubs  and  stations 
in  the  blackout  areas  delayed 
the  processing  of  package  in¬ 
formation  because  drivers 
couldn’t  download  data  from 
bar-code  scanners  into  the 
FedEx  network.  I 


Bob  Brewin,  Linda  Rosencrance 
and  Todd  R.  Weiss  contributed 
to  this  story. 
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Out  of  First  Energy’s  4.3 
million  customers,  1.5  million 
were  affected  by  the  blackout. 

Jamshidi  added  that  the  sta¬ 
bility  of  the  grid  is  unlikely  to 
improve  unless  industry  and 
the  government  invest  more 
time  and  money  in  developing 
advanced  software  that  can 
serve  as  a  real-time  decision- 
support  system  for  electric 
grid  managers  and  operators. 

“There  needs  to  be  a  more 
concentrated  and  cooperative 
approach  at  the  federal  level. 
Otherwise,  these  kinds  of  fail¬ 
ures  will  continue  to  be  diffi¬ 
cult  to  predict,”  he  said. 


Mark  Ascolese,  president  of 
Powerware  Corp.,  a  Raleigh, 
N.C.-based  firm  that  manufac¬ 
tures  power  management  soft¬ 
ware  for  the  energy  industry, 
agreed  that  lack  of  investment 
in  the  right  technologies  has 
contributed  to  the  U.S.  power 
grid’s  poor  state  of  health. 

“What’s  not  been  invested 
in  during  the  last  40  years  is 
the  infrastructure  for  trans¬ 
mission  and  distribution,  in¬ 
cluding  the  hardware  and  soft¬ 
ware  that  power  SCADA  sys¬ 
tems,”  he  said,  referring  to  Su¬ 
pervisory  Control  and  Data 
Acquisition  Systems,  which 
are  real-time  computers  used 
to  manage  grid  capacity. 

Joe  Weiss,  an  analyst  at 
Kema  Consulting  in  Fairfax, 


Va.,  and  former  technical  man¬ 
ager  of  the  Enterprise  Infra¬ 
structure  Security  Program  at 
the  Electric  Power  Research 
Institute  in  Palo  Alto,  Calif., 
said  the  situation  caused  by 
the  badly  outdated  technolo¬ 
gies  is  compounded  by  the 
highly  interconnected  nature 
of  the  grid,  which  makes  such 
widespread  cascading  failures 
an  ever-present  possibility. 

Paper  Solutions 

Weiss  also  acknowledged  that 
much  of  the  research  and  de¬ 
velopment  work  in  more  re¬ 
silient  IT  systems  for  the  elec¬ 
tric  power  grid  —  such  as  the 
“intelligent  grid”  initiative 
called  for  last  year  by  the  Na¬ 
tional  Research  Council  — 


haven’t  made  their  way  into 
operation  to  the  extent  offi¬ 
cials  would  like. 

Howard  Schmidt,  chief  se¬ 
curity  officer  at  eBay  Inc.  and 
former  chairman  of  the  Presi¬ 
dent’s  Critical  Infrastructure 
Protection  Board,  championed 
the  R&D  effort  in  security  sys¬ 
tems  capable  of  operating  in 
the  real-time  environment  of 
the  electric  grid.  He  said  IT 
systems  capable  of  providing 
an  adequate  amount  of  securi¬ 
ty  and  reliability  for  the  na¬ 
tion’s  power  grid  don’t  yet  ex¬ 
ist  and  that  their  development 
is  one  of  the  most  pressing  is¬ 
sues  facing  the  homeland  se¬ 
curity  and  R&D  communities. 

“There’s  better  security  at 
some  e-commerce  sites  than 


there  is  on  some  of  our  electric 
grid  systems,”  said  Schmidt. 

And  IT  security  has  taken 
on  new  meaning  for  the  ener¬ 
gy  industry  in  light  of  last 
week’s  failure,  said  Schmidt 
and  other  industry  experts. 

Jamshidi  agreed  with 
Schmidt’s  assessment,  calling 
the  blackout  the  most  realistic 
security  drill  possible,  one 
that  exposed  serious  weak¬ 
nesses  in  the  system,  includ¬ 
ing  the  threat  from  deliberate 
physical  and  cyberattacks. 
“This  could  have  been  even 
more  disastrous,”  said  Jamshi¬ 
di.  “Clearly,  a  well-informed 
attacker  with  information  on 
the  strengths  and  weaknesses 
of  the  grid  could  cause  a  much 
more  damaging  outage.”  ► 
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FRANK  HAYES  ■  FRANKLY  SPEAKING 


etter  Than  UCITA 


'  T’S  FINALLY  OVER.  The  backers  of  UCITA  —  the  widely 
loathed  software  licensing  law  that  would  have  handed  soft¬ 
ware  vendors  all  sorts  of  nasty  control  over  software  buyers 
—  have  given  up  on  it.  UCITA’s  sponsor,  the  National  Confer- 
ence  of  Commissioners  on  Uniform  State  Laws  (NCCUSL), 
said  this  month  that  it  will  no  longer  push  for  UCITA’s  adoption  by 
state  legislatures  [QuickLink  40484]. 

UCITA’s  opponents  have  won  —  but  I’m  not  cheering.  The  bad 
news  is  that  there’s  nothing  better  than  UCITA  to  replace  it  with. 
There’s  still  a  hole  in  the  law  where  UCITA  was  supposed  to  go. 

And  winning  isn’t  the  same  as  solving  the  problem. 


Yes,  the  Uniform  Computer  Information 
Transaction  Act  (UCITA)  is  a  lousy  law.  As  en¬ 
acted  in  Virginia  and  Maryland  —  the  only  two 
states  that  passed  it  —  UCITA  allows  software 
vendors  to  change  license  terms  at  will  without 
informing  customers,  disavow  responsibility  for 
bugs  and  even  sabotage  customers’  systems  if 
vendors  believe  their  licenses  are  being  violated. 

No  wonder  Iowa,  North  Carolina,  Vermont 
and  West  Virginia  passed  laws  specifically  pro¬ 
tecting  their  citizens  from  UCITA.  No  wonder 
the  American  Bar  Association  and  The  Ameri¬ 
can  Law  Institute,  which  work  as  the  NCCUSL’s 
partners  in  creating  the  Uniform  Commercial 
Code,  both  gave  UCITA  a  thumbs  down. 

At  this  point,  UCITA’s  reputation  is  so  bad, 
and  its  foes  are  so  determined,  that  UCITA  will 
never  become  law  in  most  states.  And  since 
that  was  the  whole  idea  behind  UCITA  —  to 
have  a  uniform  state  law  for  software  licensing 
—  UCITA  now  isn’t  just  bad,  it’s  useless. 

But  at  the  heart  of  UCITA,  there  was  once  a 
good,  useful  idea:  software  is  different  from 
conventional  manufactured  products,  and  the 
laws  that  cover  selling  software 
should  treat  it  differently  from  oth¬ 
er  products. 

And  even  though  the  NCCUSL’s 
commissioners  have  given  up  on 
UCITA,  that  difference  still  needs 
addressing.  We  still  need  a  law. 

Software  vendors  need  the  pro¬ 
tection  and  the  consistent  ground 
rules  that  a  uniform  software  licens¬ 
ing  law  would  give  them.  No,  ven¬ 
dors  shouldn’t  be  able  to  sabotage 
users’  machines.  But  vendors 
should  have  reasonable  and  effec¬ 
tive  ways  of  dealing  with  software 


being  used  illegally. 

Software  buyers  need  protections  and  ground 
rules  as  well.  Buyers  still  have  to  depend  far  too 
much  on  the  kindness  of  vendors  when  soft¬ 
ware  doesn’t  work  as  advertised. 

Sure,  corporate  IT  shops  can  negotiate  those 
things  into  contracts.  But  it’s  a  lot  easier  when 
safeguards  are  clearly  spelled  out  in  the  law. 

That’s  the  problem  that  still  remains.  And  the 
state  law  commissioners  have  taken  the  first 
step  in  solving  it  by  finally  pulling  the  plug  on 
UCITA.  That  wasn’t  easy  —  there  was  profes¬ 
sional  pride  involved,  and  the  emotions  that 
came  from  spending  more  than  a  decade  of  ef¬ 
fort  drafting  UCITA  and  the  past  four  years  de¬ 
fending  it  from  attacks  by  both  partners  and  op¬ 
ponents.  But  it  was  the  right  step  to  take. 

The  next  step  will  be  even  harder. 

Soon  —  not  this  year,  maybe  not  next  year, 
but  soon  —  the  NCCUSL  will  have  to  return  to 
the  subject  of  software  licensing. 

Not  to  try  again  with  UCITA.  But  to  start 
over  on  a  new  uniform  software  licensing  law. 

It  shouldn’t  take  so  long  this  time.  The  com¬ 
missioners  will  still  have  all  the 
knowledge  they  gained  working 
on  UCITA,  and  all  the  feedback 
they’ve  gotten  since,  and  another 
half-decade’s  perspective. 

They’ll  have  a  good  chance  to 
make  a  much  better  law,  one  that 
individual  users,  corporate  IT 
shops  and  software  makers  can  ac¬ 
cept,  and  one  that  law  groups  and 
legislatures  can  support. 

I  hope  they  do.  Because  we  need 
that  better  law.  And  when  we  get 
the  software  licensing  law  we  need, 
we’ll  all  win.  > 


frank  hayes.  Computer- 
world’s  senior  news  colum¬ 
nist,  has  covered  IT  for  more 
than  20  years.  Contact  him  at 

fraiik.hayes@computerworid.com 


The  Rules  of  the  Game 


This  pilot  fish  long  ago  gave  up  calling  the  not-very- 
helpful  help  desk  when  servers  go  down.  But  when 
the  server  he  needs  has  been  unavailable  for  more 
than  an  hour,  he  calls  a  buddy  in  the  server  room. 
“Yeah,  we  know  it's  been  down  for  73  minutes,”  his 
friend  says.  “All  we  have  to  do  is  reboot  it,  but  the  new 
outsourcing  agreement  says  we  can’t  touch  it  until  a 
user  calls  and  opens  aMBticket.  We've  been  tak¬ 
ing  bets  on  how  long  it  would  take.” 


You’re 

Welcome  SHARK 

Support  pilot  t  ViIIA 

fish  gets  tired  of  |  AN  M 

complaints  from 
one  office  whose  PCs 
are  all  five  years  old. 

Fish  manages  to  get 
them  all  upgraded  at 
once  -  which  gets  rid  of 
the  weird  errors  and 
downtime.  He’s  proud  of 
his  efforts,  but  now 
there’s  a  new  problem. 

“It  seems  they  don’t  like 
the  computers  because 
they’re  all  black,  and  the 
users  say  they  look  very 
unprofessional,”  grum¬ 
bles  fish.  “I  wonder  if 
they’d  like  pink.” 


Excel  spread¬ 
sheet  that 
includes  his 
staffs  salaries, 
ratings  and  last 
merit  raises.  But  fish  no¬ 
tices  some  hidden  rows, 
so  he  “unhides”  them.  “I 
was  greeted  by  the  same 
information  for  the  en¬ 
tire  division,  from  senior 
VPs  down  to  the  tape 
operators,”  says  fish.  Af¬ 
ter  he  shows  fie  HR  rep 
the  problem,  she  turns 
bright  red  and  asks  him 
to  delete  the  e-mail.  “I 
did  so,”  fish  says,  “after 
saving  the  file  elsewhere 
-  just  to  cover  my  bases, 
you  know.” 


Raising  the  Bar 

IT  shop  at  this  manufac¬ 
turer  generates  bar 
codes  for  different  de¬ 
partments,  and  though 
no  two  formats  are  alike, 
they  all  get  done  -  until 
one  manager’s  sample 
bar  code  stumps  this  pi¬ 
lot  fish.  “Even  our  best 
scanner  beeped  back  an 
error  on  the  sample,” 
fish  says.  So  he  calls  the 
manager  -  who  admits 
he  created  it  with  a 
drawing  program.  “We 
don’t  really  use  bar 
codes,”  he  tells  fish.  “We 
just  thought  it  would  look 
really  professional.” 

Out  of  Sight . . . 

Fledgling  HR  rep  e-mails 
IT  manager  pilot  fish  an 


Lookin’  Good 

Pilot  fish  is  fed  UP  with 
executives  who  say  they 
need  the  latest  technol¬ 
ogy,  so  he  comes  up 
with  a  new  system. 
“Every  six  months,  we 
have  execs  turn  in  their 
laptops  for  a  technology 
refresh,”  he  says.  “Their 
laptop  cases  and  key¬ 
boards  are  cleaned  and 
fitted  with  new,  upgrad¬ 
ed  OEM  stickers.  They 
love  their  refreshed  lap¬ 
tops,  and  never  catch  on 
that  all  they  get  are  new 
stickers.  And  of  course 
this  frees  up  consider¬ 
able  budget  for  users 
who  actually  do  need  the 
power  but  who  are  too 
far  down  the  food  chain 
to  actually  get  it.” 


OFEED  THE  SHARK!  Send  your  true  tale  of  IT  life  to 
sharky@computerworld.com.  You  snag  a  snazzy 
Shark  shirt  if  we  use  it.  And  check  out  the  daily  feed,  browse 
the  Sharkives  and  sign  up  for  Shark  Tank  home  delivery  at 

computerworld.com/sharky. 


Got  Questions  Abo 
Business  Intelligence? 


Computerworld’s  IT  Executive  Summit 
Has  the  Answers 


If  you’re  an  IT  executive*  in  an  end-user  organiza¬ 
tion,  apply  to  attend  one  of  Computerworld’s 
upcoming  complimentary  one-day  summits  on 
Business  Intelligence. 

Neither  a  product  nor  a  system,  Business  Intelligence 
(Bl)  is  an  architecture  -  a  collection  of  interrelated 
operational  and  business  performance  measurement 
applications  and  databases. 

The  only  way  to  succeed  with  Bl  applications  is  to 
understand  their  complexity,  their  cross-organizational 
nature,  the  needs  of  knowledge  workers,  your 
competition,  your  market,  and  customer  trends. 

This  summit  will  give  you  a  comprehensive,  one-day 
overview  -  and  will  arm  you  with  the  latest  thinking 
and  tools  to  make  the  right  investments  in  Bl. 


New  York  City  •  September  23,  2003 

Hilton  New  York  •  1335  Avenue  of  the  Americas 


8:00am  to  8:30am 
8:30am  to  9:00am 


9:00am  to  9:45am 
9:45am  to  10:15am 

10:15am  to  10:45am 
10:45am  to  11:45am 

11:45am  to  12:15pm 
12:15pm  to  1:00pm 
1:00pm  to  1:30pm 

1:30pm  to  2:00pm 
2:00pm  to  3:00pm 

3:00pm 


Registration  and  Networking  Breakfast 

Turning  Information  into  Insight: 

The  Changing  Role  of  Business  Intelligence  in  the  Enterprise 

Maryfran  Johnson,  Editor  in  Chief,  Computerworld 

The  User  Experience:  An  In-Depth  Case  Study 
Information  Evolution:  The  5  Stages  of  Business  Intelligence 

Jim  Davis,  SVP,  SAS  Institute 
Refreshment  and  Networking  Break 

High-Impact  Strategies  for  Delivering  Business  Intelligence  Results 

Panel  Discussion  moderated  by  Julia  King.  National  Correspondent.  Computerworld 

Thriving  in  Times  of  Transition:  One  CIO’s  Perspective 

Networking  Luncheon 

Building  Innovation  into  a  Business  Intelligence  Infrastructure 

Shaku  Atre,  author  of  Business  Intelligence  Roadmap  and  President,  Atre  Croup 

Regulated  IT:  Uncle  Sam  Wants  Your  Data 
Turning  a  Legal  Eye  on  IT  Governance 

Panel  Discussion  moderated  by  Tom  Hoffman,  Computerworld  Reporter 
Program  concludes 


San  Francisco  •  September  25,  2003 

The  Fairmont  San  Francisco  •  950  Mason  Street  (Nob  Hill) 


Selected 

speakers 

include: 


an  Johnson 
in  Chief 
Computerworld 


Shaku  Atre 
Author 

Business  Intelligence 
Roadmap 


*  Complimentary  registration 
is  restricted  to  qualified 
IT  executives  only. 


•••••„  COMPUTERWORLD 

*•••«  IT  Executive  Summit 

®  on  Business  Intelligence 

www.itexecutivesummit.com/bi 


8:00am  to  8:30am 
8:30am  to  9:00am 


9:00am  to  9:45am 
9:45am  to  10:15am 

10:15am  to  10:45am 
10:45am  to  11:45am 

11:45am  to  12:15pm 

12:15pm  to  1:00pm 
1:00pm  to  1:30pm 

1:30pm  to  2:30pm 

2:30pm  to  3:00pm 
3:00pm 


Registration  and  Networking  Breakfast 

Turning  Information  into  Insight: 

The  Changing  Role  of  Business  Intelligence  in  the  Enterprise 

Maryfran  Johnson.  Editor  in  Chief.  Computerworld 

The  User  Experience:  An  In-Depth  Case  Study 
Thriving  in  Times  of  Transition:  One  CIO’s  Perspective 

Doug  Busch,  CIO,  Intel 
Refreshment  and  Networking  Break 

High-Impact  Strategies  for  Delivering  Business  Intelligence  Results 

Panel  Discussion  moderated  by  Julia  King,  National  Correspondent,  Computerworld 

Information  Evolution:  The  5  Stages  of  Business  Intelligence 

Jim  Davis,  SVP,  SAS  Institute 
Networking  Luncheon 

Building  Innovation  into  a  Business  Intelligence  Infrastructure 

Shaku  Atre,  author  of  Business  Intelligence  Roadmap  and  President,  Atre  Group 
Turning  a  Legal  Eye  on  IT  Governance 

Panel  Discussion  moderated  by  Tom  Hoffman,  Computerworld  Reporter 
Thornton  May,  IT  Futurist  and  Computerworld  Columnist 
Program  concludes 


Apply  for  registration  today 

For  more  information  or  to  apply,  visit  www.itexecutivesummit.com/bi 


Exclusively  sponsored  by: 


Thronton  May 
IT  Futurist 


Doug  Busch 

CIO 

Intel 


HR  Standing  at  the  forefront 
of  the  Linux  revolution 


Linux  is  ail  about  open  solutions. 
And  so  is  HP.  So  naturally,  HP  has 
emerged  as  the  worldwide  leader  in 
Linux  solutions.  By  focusing  on  the 
key  strength  of  Linux— open  system 
environments— HP  has  been  solving 
real  business  problems  for  more 
customers  than  anyone  for  18 
quarters  running.  With  HP  hardware, 
software  and  over  4,000  Linux 
service  experts  ready  to  serve  you,  its 
easy  to  see  we're  the  Linux  leader. 
And  the  ones  you  should  call 
to  make  even  your 
most  business-critical 
1  applications 

■I  lip  easier  to  manage 

at  lower  costs, 
Demand  more.  Demand  HP  for  Linux. 


To  see  what  HP  and  Linux  can  do  for 
your  business,  try  our  TCO  calculator 
at  www.hp.com/go/demandlinux. 


invent 


